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Piracy,  User 
Complaints 
Vex  Symantec 


BY  LUCAS  MEARIAN 

Symantec  Corp.  last  week 
said  software  piracy  rings  are 
costing  it  more  than  $10  mil¬ 
lion  in  lost  revenue  annually 
and  are  partly  to  blame  for  a 
slowdown  in  the  processing  of 
licenses  for  an  upgrade  of  one 
of  the  company’s  key  Veritas 
data  backup  products. 

Symantec  CIO  David 
Thompson  told  Computer- 
world  that  the  security  and 
storage  management  vendor 
has  been  investigating  large 
piracy  rings  in  the  U.S.  and 
Canada  for  more  than  two 
years.  After  Symantec  bought 
Veritas  Software  Corp.  in  July 
2005,  he  said,  it  discovered 
that  the  same  groups  were 


also  pirating  Backup  Exec,  a 
Veritas  tool  designed  for  small 
and  midsize  users. 

Thompson  said  that  the 
licensing  delays  reported  by 
some  Backup  Exec  users  are 
related  to  the  piracy  problems 
and  a  rollout  of  new  ERP  and 
online  licensing  systems  at 
Symantec.  The  rollout  was 
completed  in  early  November, 
Thompson  said,  adding  that 
the  new  systems  were  needed 
to  ensure  that  customers  aren’t 
using  pirated  copies  of  Backup 
Exec  and  other  Symantec 
products  he  wouldn’t  identify. 

But  several  Symantec  users 
said  they’re  less  concerned 
about  the  cause  of  the  prob- 

Symantec,  page  51 


IN  DEPTH  OPEN  FILE  FORMATS 

How  Massachusetts 
Battled  Microsoft 

A  long  trail  of  e-mails  between  former  Massachusetts 
CIO  Louis  Gutierrez  (right)  and  Microsoft's  Alan  Yates 
provides  a  behind-the-scenes  look  at  the  hardball  poli¬ 
tics  that  followed  the  state  IT  division’s  controversial 
decision  to  adopt  the  OpenDocument  file  format  as  a 
standard.  Carol  Sliwa  reports.  LAGEtB 
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Alien  features  in  the  new  Office  suite,  such  as  the  Office  Button,  the 
Ribbon  and  Open  XML,  could  lead  to  more  than  a  few  calls  to  the 
help  desk  from  befuddled  users,  reports  Robert  L.  Mitchell. 
Our  survey  finds  that  about  30%  of  companies  plan  to  upgrade  in 
the  next  18  months,  while  others  are  holding  off  because  of  worries 
about  deployment  headaches  and  costs.  Page  31 


IT  Caught  Off  Guard  by 
Flu  Pandemic  Warning 

Call  to  make  quarantine  preparations 
a  priority  is  ‘eye-opener’  for  execs 


BY  PATRICK  THIBODEAU 

LAS  VEGAS 

Gartner  Inc.  is  recommending 
that  businesses  complete  plan¬ 
ning  by  the  second  quarter  of 
next  year  for  a  possible  avian 
influenza  pandemic  and  in 
particular  stock  up  on  supplies 
that  would  be  needed  by  data 
center  workers  who  might  be 
quarantined  together. 

Among  the  suggestions 


offered  last  week  by  Gartner 
analyst  Ken  McGee  at  the 
consulting  firm’s  annual  data 
center  conference  here:  Store 
42  gallons  of  water  per  data 
center  employee  —  enough  for 
a  six-week  quarantine  —  and 
don’t  forget  about  food,  medi¬ 
cal  care,  cooking  facilities, 
sanitation  and  electricity. 

In  a  quarantined  environ¬ 
ment,  “you  are  not  going  any¬ 


where,”  McGee  said. 

McGee’s  presentation 
caught  the  attention  of  John 
Stingl,  chief  technology  officer 
at  Russell  Investment  Group. 
During  the  session,  Stingl  said 
later,  he  sent  a  note  on  his 
handheld  to  his  administrative 
assistant  asking  that  a  meet¬ 
ing  about  Russell  Investment’s 
pandemic-specific  planning  be 
arranged  back  at  the  compa¬ 
ny’s  Tacoma,  Wash.,  office. 

Stingl  said  the  investment 
firm  has  a  good  disaster  recov¬ 
ery  and  business  continuity 
plan.  But  after  hearing  McGee’s 
stark  warning,  Stingl  said  he 
wants  to  know  more  about  the 
company’s  plans  for  a  pan- 

Paridemic,  page  14 
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Canon  presents  five  new  Color  imageRUNNER  choices. 

\nX  Introducing  Canon’s  complete  line  of  new  Color  image  RUNNERS  solutions.  With  five  new  models,  to  choose 

from,  we’re  certain  you  can  find  the  perfect  one  for  your  business.  Not  only  that,  but  we  took  the  industry-  :  - 

leading  Canon  Color  imageRUNNER  Series,  and  vastly  improved  it  with  our  exclusive  imageCHIP  system 
architecture  which  can  be  found  in  every  model.  Our  new  imageCHIP  technology  not  only  enables  you  to 

print,  scan  and  fax  simultaneously  without  bottlenecks  in  productivity,  but  it  will  change  the  way  you  think  about  using  color 

in  the  office.  And  they  all  have  more  speed  and  power  for  greater  performance.  In  fact,  the  Canon  Color  imageRUNNER 

....  >•- 

will  deliver  the  f  uture  of  color  in  the  workplace  today  with  the  color  quality  you’ve  come  to  expect  from  Canon. 

The  Canon  Color  imageRUNNER.  It’s  what’s  next  for  color. 
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The  HP  BladeSystem  c-Class  with  Thermal  Logic  Technology. 

Thanks  to  our  intuitive  Thermal  Logie  Technology,  now  you  can  assess 
your  power  usage  and  system  temperature  so  you  can  respond  quickly 
to  changing  needs.  The  graphical  thermal  dashboard  provides  you 
with  an  instant  snapshot  of  the  power  consumption,  heat  output  and 
cooling  capacity  of  your  environment  —  all  on  one  screen.  With  the  HP 
BladeSystem,  you'll  have  the  ability  to  lower  power  usage  and  heat 
without  sacrificing  performance. 

Simply  plug  in  the  HP  ProLiant  BL460c  server  blade,  featuring 
Dual-Core  Intel®  Xeon®  Processors,  and  you'll  get  the  performance  and 


versatility  you  need  to  support  32-  and  64-bit  computing  environments. 
Using  the  HP  BladeSystem  for  your  business  will  keep  the  control  exactly 

where  it  should  be  —  in  your  hands. 


Experience  the  HP  BladeSystem  and  download  the  IDC  White 
Paper  "Enabling  Technologies  for  Power  &  Cooling." 


Click  www.YouAlwaysHadlt.com/cool7 

Call  1-866-625-4090 
Visit  your  local  reseller 


® 


Dial-Core  is  a  new  technology  designed  to  improve  performance  of  multithreaded  software  products  and  hardware-aware  multitasking  operating  systems  and  may  require  appropriate  operating  system  software  for  full  benefit;  check 
with  software  provider  to  determine  suitability;  not  all  customers  or  software  applications  will  necessarily  benefit  from  use  of  this  technology.  Requires  a  separately  purchased  64-bit  operating  system  and  64-bit  software  products  to  take 
advantage  of  the  64-bit  processing  capabilities  of  the  Dual-Core  Intel  Xeon  Processor.  Given  the  wide  range  of  software  applications  available,  performance  of  a  system  including  a  64-bit  operating  system  will  vary.  Intel’s  numbering  is  not 
a  measurement  of  higher  performance.  Intel,  the  Intel  Logo,  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  The  information  contained  herein 
is  subject  to  change  without  notice.  ©2006  Hewlett-Packard  Development  Company,  L.P. 
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Moving  Target 

In  the  Management  section:  Today’s  information 
security  professionals  have  followed  diverse  paths 
to  their  current  roles,  but  hiring  requirements  are 
tightening  as  job  responsibilities  grow.  Page  39 
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IN-DEPTH 

Open  Dialogue 

Rankled  by  the 
Massachusetts  IT 
division’s  adoption  of 
the  Open  Document 
Format  for  Office 
Applications  as  a 
standard  for  state  *v 

agencies,  Microsoft  backed  legisla¬ 
tion  that  could  have  stripped  the  IT 
unit  of  its  decision-making  author¬ 
ity  over  technology  standards.  But 
Bay  State  CIO  LOUIS  GUTIERREZ 
maintained  on  open-door  policy 
with  Microsoft  -  if  not  one  of  its 
lobbyists  -  and  the  two  sides  even¬ 
tually  defused  the  unlikely  political 
battle  over  document  file  formats. 

E-mails  obtained  by  Computer- 
world  provide  a  behind-the-scenes 
look  at  the  battle.  ’AGE  16 


r 


6  The  Vista  migration  is  expected 
to  be  slow.  A  few  early  adopters 
will  move  to  the  new  operating 
system  right  away,  but  most  com¬ 
panies  will  opt  for  lengthy  testing 
and  staggered  PC  replacements. 

6  Touch-screen  voting  machines 

might  get  the  boot  in  Ohio’s 
Cuyahoga  County. 

8  Global  Dispatches:  A  cooperative 
that  runs  an  interbank  messag¬ 
ing  service  is  accused  of  violating 
European  privacy  laws  by  giving 
data  to  U.S.  authorities. 

All  Saiesforce.com  continues  its 
LL  effort  to  make  it  easier  to  link 
its  hosted  CRM  software  to  other 
applications. 

AQ  CA’s  Unicenter  systems  man- 
LU  agement  tool  now  supports 
servers  running  clustering  and 
virtualization  software  from  a 
variety  of  vendors. 


Columnist  Mike  Elgan 
calls  the  Treo  680 
“the  best  smart  phone 
in  the  world.” 


TECHNOLOGY 

Close  Encounters  With 
U I  Office  2007.  A  new  user  inter¬ 
face  and  a  new  file  format  in  Micro¬ 
soft’s  forthcoming  Office  2007 
suite  have  IT  managers  concerned 
about  backward  compatibility,  user 
training  and  ROI.  We  asked  72 7  IT 
professionals  about  their  migration 
plans,  and 
44%  of  them 
said  they 
aren’t  plan¬ 
ning  to  make 
the  big  move. 

QP  Security  Manager’s  Journal: 
00  Stopping  Data  From  Flying 
Off  to  Google.  New  desktop  PCs 
at  C.J.  Kelly’s  state  agency  come 
with  Google  Desktop  installed. 
Such  a  useful  program  couldn’t  be 
a  problem,  could  it?  Take  a  look  at 
the  Search  Across  Computers  fea¬ 
ture,  which  gives  our  columnist 
the  creeps. 


MANAGEMENT 


1A  IT  Mentor:  Talking  the  Walk. 

“It  Tom  Bugnitz  says  that  if  you 
want  to  speak  the  language  of 
business,  talk  about  the  services 
IT  provides  to  the  business  rather 
than  the  activities  it  executes  to 
provide  those  services. 
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E4A  On  the  Mark: 

IU  Mark  Hall 

talks  to  a  security 
CEO  who  says 
encrypting  all 
data  all  the  time 
would  cut  down 
on  the  amount  of  time  IT 
staffers  have  to  spend 
securing  systems. 


MDon  Tennant 

says  Novell 
CEO  Ron  Hovsepian 
could  teach  a  course 
on  how  to  deal  with 
Microsoft. 


n  1  Bruce  A.  Stewart  es- 

Lr I  pouses  a  second  set  of 
books  for  IT  departments  that 
want  to  see  where  budget¬ 
changing  opportunities  lie. 

AC  Michael  H.  Hugos  asks  his 
project  team  leaders  five  yes- 
or-no  questions  every  week.  They 
serve  as  the  radar  that  keeps  proj¬ 
ects  from  running  aground. 

QQ  David  Strom  is  concerned 
UtJ  by  Bluetooth  compatibility 
issues  that  can  be  a  headache  for 
corporate  IT  departments. 

1 1  Paul  Glen  usually  looks  at  the 
*T  human  issues,  not  processes, 
when  he’s  called  in  to  rescue  a 
struggling  project. 

CQ  Frankly 
lib  Speaking: 

Frank  Hayes 

thinks  the  real 
question  facing 
the  Pentagon  is 
why  it  accepts  any 
software  that  it  can’t  adequately 
review  and  verify. 


COOL STUFF 

2006 


The  GO  510  GPS 
boasts  real-time 
traffic  updates 
and  Bluetooth 
capability  for 
less  than  S500. 


Guitar  Hero  II 
lets  you  hook 
up  a  1/3-scale 
plastic  guitar  to 
a  PlayStation  2. 


Stumped  on  what  to  get 
the  technology  lovers  on 
your  list?  This  year’s  Cool 
Stuff  Holiday  Gift  Guide 
points  you  to  the  best  in 
flat-screen  TVs,  digital 
cameras,  smart  phones  and 
lots  more. 

You’ll  find  gifts  for  the 
gamer,  the  audiophile,  the 
gadget  buff  and  the  tech¬ 
nology  fashionista.  And,  of 
course,  something  for 
yourself.  Whether 
it’s  a  digital  musical 
player  and  headset  or 
computer  and  cool  ac¬ 
cessories,  you’re  sure  to 
see  something  that  catches 
your  eye. 

Let  the “ooohs”  and 
“aaahs”  begin.  It’s  techno¬ 
lust  time! 

©  www.computerworld. 
com/hardware 


Mimobots  get 
the  nod  for  best 
wacky  USB 
drives. 
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AT  DEADLINE 


Feds  Warn  Banks  of 
Al-Qaeda  Cyberthrea! 

The  U.S.  Computer  Emergency 
Readiness  Team  last  week 
warned  banks  and  other  finan¬ 
cial  institutions  that  al-Qaeda 
had  threatened  to  attack  their 
Web  sites  in  December.  But 
US-CERT,  which  is  part  of  the 
U.S.  Department  of  Homeland 
Security,  has  “no  information 
to  corroborate  the  threat,”  said 
a  DHS  spokeswoman.  The  alert, 
which  was  issued  Thursday,  was 
“really  sent  out  of  an  abundance 
of  caution,”  she  added. 


DOJ  Probe  Seeks  Info 
From  AMD,  Nvidia 

Advanced  Micro  Devices  Inc.  and 
Nvidia  Corp.  both  said  they  have 
received  subpoenas  from  the  U.S. 
Department  of  Justice  as  part  of 
an  antitrust-related  investigation 
of  the  market  for  graphics  proc¬ 
essors  and  cards.  AMD  said  the 
DOJ  hasn’t  made  any  allegations 
against  it  or  graphics  chip  maker 
ATI  Technologies  Inc.,  which 
it  bought  in  October.  AMD  and 
Nvidia  each  said  they  will  coop¬ 
erate  with  the  investigation. 


Business  Objects  Buys 
Web  Tools  Vendor 

Business  Objects  SA  said  it  has 
acquired  Nsite  Software  Inc.,  a 
Sunnyvale,  Calif.-based  vendor 
of  tools  for  developing  software- 
as-a-service  applications.  Busi¬ 
ness  Objects  plans  to  use  Nsite’s 
technology  to  build  customizable 
business  intelligence  applica¬ 
tions  that  integrate  multiple  data 
sources  and  can  be  accessed 
via  Web  browsers.  The  purchase 
price  wasn’t  disclosed. 


Short  Takes 

The  U.S.  DEPARTMENT  OF  COM¬ 
MERCE  approved  an  agreement 
for  VeriSign  Inc.  to  continue  to 
operate  the  .com  domain  for 
six  more  years  after  its  current 
contract  expires  in  late  2007. . . . 
The  TEXAS  DEPARTMENT  OF  IN¬ 
FORMATION  RESOURCES  awarded 
IBM  a  data  center  consolidation 
and  management  contract  val¬ 
ued  at  $863  million  over  seven 
years. 


Users  Likely  to  Drag  Feet  on  Vista  Rollouts 


New  OS  won’t  surpass  Windows  XP  in 
business  use  until  2010,  Gartner  says 


the  40%  on  Windows  XP  Pro, 
it  said.  And  Gartner  doesn’t 
expect  the  number  of  business 
PCs  running  Vista  to  exceed 
the  number  with  XP  until  2010. 

Microsoft  is  trying  its  best  to 
nudge  business  customers  into 
action,  touting  Vista’s  easier 
deployment  and  manageability 
and  its  stronger  security. 

But  Gartner  analyst  Michael 
Silver  said  that  likely  won’t 
persuade  most  companies 
to  deviate  from  their  normal 
routines  —  staggered  cycles 
of  three  to  five  years  for  hard¬ 
ware  replacement. 

“More  than  half  of  our  cli¬ 
ents  are  telling  us  that  they’re 
only  bringing  in  Vista  as  part 
of  their  regular  hardware 
refresh,”  Silver  said.  Indeed, 
he  expects  many  companies 
to  exercise  the  “downgrade 
rights”  in  their  Software  As¬ 
surance  contracts  with  Micro¬ 
soft  next  year  so  they  can  still 


Ohio  County  Considers 
Shift  on  E-voting  Systems 


BY  ERIC  LAI 

ICROSOFT  CORP. 
no  doubt  wishes 
all  companies 
were  like  Sasfin 
Bank  Ltd.  when  it  comes  to  in¬ 
stalling  Windows  Vista. 

Sasfin  plans  to  start  upgrad¬ 
ing  to  Windows  Vista  by  next 
March  and  have  all  430  of  its 
employees  running  the  new 
operating  system  by  the  end  of 
2007.  “We  have  a  very  spoiled 
user  base,”  said  Dawie  Olivier, 
project  manager  for  IT  at  the 
Johannesburg,  South  Africa- 
based  commercial  bank. 

Olivier  said  last  week  that  as 
part  of  Sasfin’s  normal  three- 
year  hardware-refresh  cycle, 
he  intends  to  bring  in  new  PCs 
with  Vista  for  one-third  of  the 
bank’s  users.  He  plans  to  retro¬ 
fit  the  remaining  computers 
with  more  memory  and  faster 
video  cards  so  the  systems  can 
handle  Vista’s  beefed-up  re¬ 
quirements. 

“It’s  not  cost-effective  for  us 
to  support  multiple  operating 
systems  just  because  we’re  shy 
about  cracking  open  a  few  PC 
cases,”  Olivier  said. 

But  Sasfin  is  an  exception  to 
what  analysts  predict  will  be 
the  rule:  Despite  Microsoft’s 
splashy  launch  of  Vista  last 
week,  the  operating  system 
will  only  slowly  infiltrate  busi¬ 
nesses  over  the  next  four  years. 

Sticking  With  XP 

By  the  end  of  2007,  less  than 
5%  of  all  PCs  worldwide  will 
sport  a  business-oriented 
version  of  Windows  Vista,  ac¬ 
cording  to  a  forecast  by  Gart¬ 
ner  Inc.  In  comparison,  the 
consulting  firm  predicted,  47% 
will  be  running  Windows  XP 
Professional,  and  nearly  10% 
will  still  have  Windows  2000 
Professional,  which  will  be 
seven  years  old  by  that  point. 

Gartner  said  it  expects  the 
percentage  of  PCs  running  a 
business  flavor  of  Windows 
Vista  to  rise  to  15%  of  the  over¬ 
all  total  by  the  end  of  2008.  But 
that  will  still  be  dwarfed  by 


BY  MARC  L.  SONGINI 

Officials  in  Ohio’s  Cuyahoga 
County  are  mulling  the  idea  of 
scrapping  a  $17  million  invest¬ 
ment  in  touch-screen  electron¬ 
ic  voting  systems  and  switch¬ 
ing  to  optical-scan  devices. 

Cuyahoga  County,  which 
includes  Cleveland,  began  us¬ 
ing  Diebold  Election  Systems’ 
AccuVote  TSx  touch-screen 
machines  in  elections  this 
year.  But  some  members  of 
the  county’s  Board  of  Com¬ 
missioners  are  concerned  that 
those  systems  won’t  be  able 
to  handle  a  growing  number 
of  voters.  In  contrast,  they  say, 
optical-scan  systems  could 
accommodate  increased  num¬ 
bers  of  voters  in  elections  with 
heavy  turnouts  by  allowing 
elections  officials  to  add  more 
booths  for  filling  out  paper 
ballots  at  polling  places. 

Hugh  Shannon,  government 


service  coordination  manager 
for  the  county,  confirmed  that 
a  shift  to  optical-scan  devices 
is  being  discussed.  “We  are 
gathering  information  towards 
that  end,”  Shannon  said.  A 
decision  will  likely  be  made  by 
the  end  of  the  year,  he  added. 

Michael  Vu,  director  of  the 
Cuyahoga  County  Board  of 
Elections,  said  that  neither 
he  nor  any  members  of  his 
committee  had  discussed  the 
voting  systems  issue  with  the 
board  of  commissioners. 

The  use  of  Diebold’s  touch¬ 
screen  systems  in  a  May  2 
primary  in  Cuyahoga  County 
was  the  subject  of  a  critical  re¬ 
port  issued  last  summer  by  the 
Election  Science  Institute.  The 
San  Francisco-based  ESI  is  a 
nonprofit  group  that  promotes 
the  development  of  auditable 
election  systems. 

The  report,  which  was  based 


Sales  Outlook 


Forecast  worldwide  share 
of  new  PC  shipments 
by  operating  system  in  2007 


L  Mac  OS  X:  2.3% 


4.8% 

DOS  or 
no  OS:  9.1% 


order  new  PCs  with  Windows 
XP  Pro.  As  a  result,  Gartner 
expects  22%  of  all  PCs  sold  in 
2007  to  come  with  that  operat¬ 
ing  system  (see  chart). 

About  half  of  the  PCs  now 
used  by  North  American  busi¬ 
nesses  fall  below  Windows 
Vista’s  minimum  system  re¬ 
quirements,  according  to  an 
automated  survey  of  systems 
conducted  from  June  through 


September  by  Softchoice  Corp. 
And  nearly  eight  of  10  business 
PCs  would  need  additional 
memory  to  run  Vista  features 
such  as  the  Aero  3-D  “glass” 
interface,  according  to  data  the 
Toronto-based  technology  re¬ 
seller  gathered  from  more  than 
112,000  PCs  at  472  companies 
and  organizations. 

To  get  all  750  of  its  Win¬ 
dows  users  onto  Vista  next 
year,  FranklinCovey  Co.  plans 
to  upgrade  about  two-thirds  of 
its  PCs  to  a  minimum  of  1GB 
of  RAM  and  replace  the  rest  of 
the  systems,  said  Dan  See,  di¬ 
rector  of  infrastructure  at  the 
time  management  products 
maker  in  Salt  Lake  City. 

But  FranklinCovey,  which 
took  part  in  Microsoft’s  Tech¬ 
nology  Adoption  Program  for 
Vista,  has  its  limits.  See  has 
no  plans  to  upgrade  the  video 
cards  in  existing  PCs  —  and 
that  might  prevent  users  from 
taking  advantage  of  Aero  3-D. 
“The  expense  of  updating  all  of 
the  video  cards  is  prohibitive,” 
he  said.  * 


on  a  study  funded  by  the  coun¬ 
ty  commissioners,  stated  that 
most  voters  surveyed  by  the 
ESI  said  they  liked  the  e-voting 
systems  and  found  them  easier 
to  use  than  the  punch-ballot 
machines  they  replaced.  But 
the  report  cited  a  series  of  op¬ 
erational  and  procedural  issues, 
including  problems  with  the 
paper  audit  trails  generated  by 
the  Diebold  systems. 

It’s  noteworthy  that  the 
commission  is  now  consid¬ 
ering  a  change,  said  Steven 
Hertzberg,  a  project  director 
at  the  ESI.  “Diebold’s  rhetoric 
about  the  performance  of  its 
[systems]  does  not  withstand 
objective  scrutiny,”  he  said. 

Diebold,  however,  claims  that 
its  touch-screen  systems  work 
very  well  with  large  numbers 
of  voters.  David  Bear,  a  spokes¬ 
man  for  the  Allen,  Texas-based 
unit  of  Diebold  Inc.,  said  the 
problems  in  Cuyahoga  County 
have  tended  to  be  the  result  of 
training  problems  and  a  lack 
of  familiarity  with  the  devices, 

!  not  the  technology  itself.  ► 
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Panel  Calls  on  SWIFT  to 
Stop  diving  Data  to  U.S. 

LONDON 

N  ADVISORY  panel  set  up  by  the 
European  Commission  has  found 
that  SWIFT,  a  Belgium-based  or¬ 
ganization  that  runs  a  messaging  ser¬ 
vice  supporting  financial  transactions 
between  banks,  is  violating  European 
and  Belgian  data  privacy  laws  by  turn¬ 
ing  over  information  to  U.S.  authorities 
for  use  in  terrorism  investigations. 

The  panel,  known  as  the  Article  29 
Working  Group,  said  in  a  Nov.  23  report 
to  the  EC  that  the  Society  for  World¬ 
wide  Interbank  Financial  Telecommu¬ 
nication  SCRL  should  face  sanctions  if 
it  doesn’t  stop  the  alleged 
violations. 

SWIFT,  a  cooperative 
owned  by  about  8,000 
financial  institutions 
worldwide,  keeps  identi¬ 
cal  copies  of  its  data  at 
facilities  in  the  U.S.  and 
the  Netherlands.  The  two 
facilities  are  each  subject 
to  local  laws,  SWIFT  said 
in  a  statement  denying 
that  it  is  violating  Euro¬ 
pean  laws. 

A  spokesman  said 


SWIFT  turns  over  specific  subsets 
of  data  to  the  U.S.  Department  of 
the  Treasury  based  on  court-  ordered 
requests  and  doesn’t  allow  indiscrimi¬ 
nate  access.  The  organization  negoti¬ 
ated  with  the  U.S.  government  to  moni¬ 
tor  and  audit  the  requests,  he  added. 

■  JEREMY  KIRK,  IDG  NEWS  SERVICE 


EMC  Seeks  Fix  for  Slow 
Sales  Growth  in  Asia 

SINGAPORE 

FTER  SEVERAL  quarters  of  lack¬ 
luster  financial  performance  in 
Asia,  EMC  Corp.  is  looking  to  get 
its  regional  operations  back  on  track. 
Steve  Leonard,  who  took  over  as 

president  of  EMC’s  Asia- 
Pacific  unit  in  April  with 
a  mandate  to  revive  its 
business,  said  in  an  inter¬ 
view  last  week  that  the 
storage  vendor  needs  “to 
do  a  better  job  of  execu¬ 
tion”  in  Asian  countries. 

In  the  third  quarter, 
EMC’s  revenue  in  Asia 
grew  by  6.9%,  far  lower 
than  the  rate  of  growth  in 
other  regions.  Improving 
growth  levels  will  take 
time,  Leonard  said,  not¬ 


ing  that  EMC  is  taking  a  measured  ap¬ 
proach  to  resolving  its  operational  is¬ 
sues.  For  example,  EMC  plans  to  work 
more  closely  with  channel  partners  on 
sales  and  give  users  a  single  support 
contact  for  all  its  products. 

■  SUMNER  LEMON,  IDG  NEWS  SERVICE 

Microsoft  Submits  More 
Documents  in  Europe 

BRUSSELS 

ICROSOFT  CORP.  submitted  a  new 
batch  of  technical  information 
about  Windows  to  the  European 
Commission’s  antitrust  department  last 
Thursday,  meeting  a  deadline  set  by  EC 
regulators  one  week  earlier. 

Microsoft,  which  faced  daily  fines  of 
€3  million  ($3.9  million  U.S.)  if  it  didn’t 
produce  the  overdue  documentation, 
called  the  submission  “an  important 
milestone”  in  its  efforts  to  comply  with 
the  requirements  of  the  EC’s  March 
2004  ruling  that  the  company  had  vio¬ 
lated  competition  laws. 

“Now  the  submission  from  Microsoft 
is  worth  testing,”  EC  spokesman  Jona¬ 
than  Todd  said.  But  if  rivals  looking  to 
develop  server  software  that  can  in¬ 
teroperate  with  Windows  find  that  the 
documentation  still  isn’t  adequate,  Mi¬ 
crosoft  could  be  hit  with  the  €3  million 
daily  fines  backdated  to  the  previous 
submission  deadline  in  July,  Todd  said. 

■  PAUL  MELLER,  IDG  NEWS  SERVICE 


Compiled  by  Craig  Stedman. 


Briefly  Noted 

BT  Group  PLC  last  week  said  it  has 
begun  connecting  customers  in  the 
U.K.  to  its  new  IP-based  telecommu¬ 
nications  network.  The  21st  Century 
Network  will  offer  a  mix  of  voice, 
data  and  video  services  over  a  single 
broadband  connection  at  speeds  of 
up  to  24Mbit/sec.  BT  said  it  plans  to 
switch  more  than  350,000  lines  to 
the  network  by  mid-2007. 

■  JOHN  BLAU,  IDG  NEWS  SERVICE 


Microsoft  said  it  has  signed  an 
agreement  to  invest  an  undisclosed 
amount  of  money  in  a  Beijing-based 
IT  outsourcing  operation  set  up 
by  Tata  Consultancy  Services  Ltd., 
finalizing  a  deal  announced  in  June 
2005.  Microsoft  will  hold  a  10% 
stake  in  the  TCS  China  joint  venture. 
Mumbai,  India-based  TCS  owns 
65%,  and  three  China-based  part¬ 
ners  hold  a  combined  25%. 
h  SUMNER  LEMON, 

IDG  NEWS  SERVICE 


Alcatel  SA  completed  its  acquisi¬ 
tion  of  Lucent  Technologies  Inc.  last 
Thursday  and  began  operating  under 
the  name  Alcatel-Lucent.  The  com¬ 
bined  company  will  be  based  in  Paris. 
But  the  networking  vendor  will  be 
run  by  Lucent  executive  Patricia 
Russo,  who  was  named  CEO. 

■  STEPHEN  LAWSON, 

IDG  NEWS  SERVICE 


GLOBAL  FACT 


Percentage  of  IT  work¬ 
ers  in  the  U.K.  who  have 
applied  for  a  new  job  or 
registered  with  a  recruit¬ 
ment  agency  in  the  past  12 
months,  based  on  a  survey 
of  more  than  1,000  people. 

SOURCE:  L0UDH0USE 
RESEARCH,  LONDON1 


Wall  Street  Cold  to  Rural  Pa.  Hot-Site  Proposal 

No  takers  yet  in  bid  to  turn  Poconos 
region  into  a  disaster  recovery  zone 


BY  SHARON  FISHER 

An  attempt  to  entice  New  York- 
based  financial  services  firms 
to  set  up  business  continuity 
facilities  in  nine  counties  in 
northeastern  Pennsylvania 
has  yet  to  attract  any  clients 
to  what  is  optimistically  being 
dubbed  “Wall  Street  West.” 

The  initiative  is  aimed 
at  making  the  areas  in  and 
around  the  Pocono  Mountains 
competitive  with  neighbor¬ 
ing  New  Jersey  as  a  location 
for  disaster  recovery  sites  and 
secondary  data  centers.  Penn¬ 
sylvania  officials  also  hope 
companies  will  hire  residents 
to  be  on-site  IT  workers,  creat¬ 
ing  new  job  opportunities  in 


an  area  that  is  in  need  of  eco¬ 
nomic  revitalization. 

Last  February,  the  U.S.  De¬ 
partment  of  Labor  gave  the 
Bethlehem,  Pa.-based  nonprofit 
organization  that  is  coordinat¬ 
ing  the  Wall  Street  West  efforts 
a  three-year,  $15  million  grant 
to  fund  IT  training  programs. 
The  group  also  expects  more 
than  $10  million  from  the  state 
government  to  help  it  develop  a 
fiber-optic  infrastructure  over 
the  next  15  to  18  months,  said 
Jim  Ryan,  director  of  outreach 
and  network  development  for 
Wall  Street  West. 

The  Penn  Regional  Business 
Center,  a  planned  mixed-use 
site  in  Monroe  County,  has 


latched  on  to  the  Wall  Street 
West  concept.  Larry  Simon, 
the  business  center’s  devel¬ 
oper,  hosted  an  event  on  Oct. 

10  that  was  attended  by  24 
representatives  from  17  Wall 
Street  firms,  including  Morgan 
Stanley,  Merrill  Lynch  &  Co. 
and  Prudential  Financial  Inc. 

Not  the  Right  Match 

Attendees,  some  of  whom 
asked  not  to  be  identified,  said 
in  general  that  the  proposed 
project  is  interesting  —  but 
just  not  right  for  them. 

For  example,  Steve  White, 
vice  president  of  information 
systems  services  at  Insurance 
Services  Office  Inc.  in  Jersey 
City,  N.J.,  said  Simon  is  look¬ 
ing  for  anchor  companies  that 
need  larger  facilities  than 
he  does  and  that  would  keep 


those  facilities  fully  staffed. 

White,  on  the  other  hand, 
said  he’s  considering  setting  up 
a  lights-out  data  center  by  2009 
as  a  secondary  IT  location  that 
he  hopes  would  cost  less  to 
operate  than  he  pays  now  for 
a  contract  to  use  a  disaster  re¬ 
covery  vendor’s  hot  site. 

At  the  event  in  October, 

Penn  Regional  officials  talked 
about  plans  for  high-speed 
trains  that  could  make  the  trip 
from  Manhattan  in  an  hour, 
White  said.  He  added  that  such 
a  service  is  necessary  because 
that  trip  typically  takes  nearly 
three  hours  by  car. 

Ralph  Wonder,  director  of 
public  affairs  at  Penn  Regional, 
said  the  business  center  is 
working  with  Accenture  Ltd. 
and  BearingPoint  Inc.  to  help 
identify  potential  clients  and 


is  talking  with  “a  couple  of 
very,  very  major  firms”  that  he 
wouldn’t  identify. 

“It’s  still  quite  a  sell  job 
in  terms  of  making  [compa¬ 
nies]  aware  of  the  benefits 
of  this  area  and  [persuading 
them]  to  locate  backup  op¬ 
erations  here,”  said  Laura  Ep- 
pler,  a  spokeswoman  for  Ben 
Franklin  Technology  Partners. 
The  state-funded  economic 
development  organization’s 
regional  operation  in  north¬ 
eastern  Pennsylvania  is  assist¬ 
ing  the  Wall  Street  West  group 
and  administering  the  training 
grant. 

A  contract  to  build  the 
planned  fiber-optic  network 
between  the  Poconos  area 
and  New  York  was  supposed 
to  have  been  awarded  on  Nov. 
17  by  Pennsylvania  Gov.  Ed 
Rendell’s  office.  But  that  still 
hadn’t  happened  as  of  press 
time  last  week. » 


With  competition  heating  up,  how  will 
Air  China  open  new  doors  abroad? 
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Dynamic  Networking.  Take  Flight. 

Competition  can  be  fierce.  With  competitors  giving  chase  in  the  domestic  market, 
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Dynamic  Networking  from  the  new  AT&T 

includes  redundancies  and  security  failsafes  from  the  ground  up 
to  help  ensure  business  continuity,  operational  readiness  and 
data  recovery.  With  easy  provisioning  of  VPN  solutions  for  secure, 
remote  access  from  almost  anywhere.  So  no  matter  what  comes 
down,  Dennis  knows  his  enterprise  can  be  up  and  running.  Learn 
how  Dynamic  Networking  can  enable  your  business. 
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IRS  Drops  Plan  to 
Bid  Out  IT  Work 

The  Internal  Revenue  Service 
has  shelved  a  plan  to  hold  a 
public/private  competition  that 
could  have  affected  up  to  2,000 
of  its  IT  workers.  The  IRS  had 
hoped  that  opening  its  help  desk 
operations,  PC  support  and  other 
“seat  management”  functions 
to  external  bids  would  improve 
efficiency.  But  the  agency  said 
an  analysis  showed  that  it  is  too 
large  and  spread  out  for  the  idea 
to  be  viable.  The  IRS  is  assess¬ 
ing  alternatives,  including  a  re¬ 
engineering  of  its  IT  processes. 


3Com  to  Part  Ways 
With  Partner  Huawei 

3Com  Corp.  said  it  plans  to  buy 
out  Huawei  Technologies  Co.’s 
stake  in  a  networking  equipment 
joint  venture  the  two  companies 
set  up  in  2003. 3Com  will  pay 
$882  million  for  Huawei’s  49% 
share  in  the  joint  venture,  which 
is  based  in  Hong  Kong  but  has 
most  of  its  operations  in  Hang¬ 
zhou,  China.  The  deal  still  needs 
to  be  approved  by  the  Chinese 
government,  said  3Com,  which 
took  majority  ownership  of  the 
joint  venture  last  January. 


Novell  Pulls  Out  of 
Open-Source  Project 

Novell  Inc.  has  pulled  its  fund¬ 
ing  for  the  Hula  open-source 
project  and  is  reassigning  its 
workers  who  had  been  involved 
in  the  collaboration  server  soft¬ 
ware  initiative,  according  to  a 
newsgroup  posting  by  one  of  the 
employees.  Novell’s  Hula  team 
examined  the  opportunities  for 
the  project  and  decided  that  it 
wasn’t  worth  continued  invest¬ 
ment,  the  worker  wrote. 


Short  Takes 

AFFILIATED  COMPUTER  SER¬ 
VICES  INC.  said  its  CEO  and 
CFO  have  resigned  following  an 
internal  probe  of  the  outsourcing 
vendor’s  stock-option  practices 
found  that  the  two  executives 
had  violated  its  code  of  eth¬ 
ics _ PALM  INC.  lowered  the 

financial  forecast  for  its  second 
quarter,  which  ended  on  Friday. 
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Encrypt  Everything 
And  Boost . . . 

. . .  your  IT  productivity  everywhere.  That’s  Phil  Dunkle- 
berger’s  sunny  prediction  for  companies  that  adopt 
rigorous  steps  to  scramble  up  their  data,  whether  it’s 
“in  motion,  at  rest  or  in  use.”  Dunkleberger  is  CEO  of 
Palo  Alto,  Calif.-based  security  trailblazer  PGP  Corp., 
which  was  founded  15  years  ago  to  put  data  encryption 


tools  in  the  hands 
of  everyone.  Back  in 
those  days,  Dunkle¬ 
berger  recalls,  the 
U.S.  government  was 
throwing  legal  and  bu¬ 
reaucratic  roadblocks 
in  front  of  companies 
that  offered  or  wanted 
to  use  data  encryption 
technology,  because 
Uncle  Sam  wanted  its  spy 
agencies  to  dominate  the 
field.  And  the  press  was  filled 
with  stories  about  Colombian 
drug  lords  using  encryption 
to  outwit  hapless  cops.  Ironi¬ 
cally,  Dunkleberger  observes, 
the  feds  are  now  encouraging 
—  even  mandating  —  encryp¬ 
tion.  Dunkleberger  says  that 
if  you  encrypt  all  of  your 
data  all  of  the  time,  your  IT 
staffers  won’t  have  to  fiddle 
with  myriad  security  tools  to 
block  unauthorized  access 
to  data,  because  only  users 
with  access  rights  will  be 
able  to  view  the  decrypted 
information.  He  also  wants 
to  lay  to  rest  the  long-held 
belief  that  encryption  ham¬ 
pers  network  and  systems 


performance.  Vastly 
improved  compres¬ 
sion  techniques  have 
unclogged  network 
pipes,  Dunkleberger 
claims,  while  the  prod¬ 
ucts  of  Moore’s  Law 
now  enable  computers 
to  crunch  encryption 
algorithms  with  ease. 
Later  this  month,  his 
company  will  release  PGP 
9.5.2,  which  automatically 
encrypts  data  stored  on  pe¬ 
ripherals  such  as  USB  thumb 
drives,  shared  data  stores  or 
removable  disks.  Annual  sub¬ 
scriptions  start  at  $49  per  user. 

But  encryption 
won’t  stop . . . 

. . .  viruses  or  spyware  on  your 

network.  That’s  why  even  the 
folks  at  PGP  will  tell  you  to 
keep  your  antimalware  tools 
up  to  date.  One  of  your  op¬ 
tions  is  ZoneAlarm  7.0,  which 
is  scheduled  to  ship  on  Dec.  18. 
Laura  Yecies,  vice  president 
and  general  manager  of  the 
consumer  division  at  Check 
Point  Software  Technologies 
Ltd.  in  Redwood  City,  Calif., 


says  the  up¬ 
grade  sports  a 
new  antivirus 
engine  that 
gets  more  fre¬ 
quent  updates 
on  malware 
signatures 
and  has  more 
than  200,000 
in  its  database 
already.  One  neat  feature:  It 
monitors  Web  sites  that  are 
notorious  for  trading  credit 
card  information  and  alerts 
end  users  if  their  private  data 
is  being  auctioned  on  the  black 
market.  Pricing  starts  at  $69. 

Develop  real-time 
apps  within  the . . . 

. . .  Eclipse  framework.  “The 
demand  for  real-time  event 
processing  spiked  this  year,” 
says  William  Hobbib,  vice 
president  of  marketing  at 
StreamBase  Systems  Inc.  in 
Lexington,  Mass.  The  prima¬ 
ry  causes,  he  adds,  have  been 
e-commerce 
and  “click- 
stream  fraud 
detection.” 

On  Friday, 

StreamBase 
will  extend  its 
application 
development  environment 
by  shipping  two  plug-ins 
for  the  Eclipse  open-source 
development  platform.  With 
one,  Hobbib  says,  program¬ 
mers  can  use  wizards  to  link 
to  real-time  data  feeds  from 
structured  or  unstructured 
sources  via  prebuilt  connec¬ 
tors.  The  plug-in  then  lets 
you  funnel  the  incoming 
information  to  his  company’s 
Stream  Processing  Engine 
for  real-time  analysis.  The 
second  plug-in  enables  you  to 
graphically  represent  an  ap¬ 
plication  workflow  and  then 
output  StreamBase  source 
code.  Both  plug-ins  are  free. 

End-user  behavior 
often  undermines . . . 

. . .  efforts  to  block  malware. 

Hence  the  need  for  real-time 
exploit-detection  tools,  ac¬ 


cording  to  Roger  Thompson, 
chief  technology  officer  at  Ex¬ 
ploit  Prevention  Labs  Inc.  in 
Marietta,  Ga.  Thompson  says 
his  company’s  Windows-only 
software,  LinkScanner  Pro, 
protects  people  from  sophis¬ 
ticated  phishing  schemes  and 
prevents  them  from  going  to 
Web  sites  known  to  be  unsa¬ 
vory.  It  can  even  determine 
whether  unclassified  sites  are 
bad  by  detecting  malware 
techniques  such  as  obfuscat¬ 
ed  JavaScript  code  and  stop¬ 
ping  them  before  they  hit  a 
browser.  An  Internet  Explorer 
version  is  available  now; 
Firefox  support  will  arrive  in 
January.  Pricing  starts  at  $30. 

Open-source  software 
takes  on . . . 

. . .  proprietary  management  tools. 

Critics  of  the  big  systems- 
management  frameworks, 
such  as  OpenView,  Tivoli  and 
Unicenter,  often  decry  their 
complexity  and  cost.  Bill  Kar¬ 
povich,  CEO  of  Zenoss  Inc.  in 
Annapolis,  Md.,  contends  that 
his  Zenoss  Core  open-source 
tool  “is  more  simple  [and] 
more  affordable  than  HP 
OpenView”  and  “can  deliver 
80%  of  what  OpenView  can.” 
You  know  the  “affordable” 
part,  at  least,  is  true,  because 
Zenoss  Core  is  free.  The  soft¬ 
ware  does  autodiscovery  of 
what’s  on  your  network  and 
creates  an  inventory  for  your 
configuration  management 
database.  It  also  monitors 
performance  metrics  such  as 
microproces¬ 
sor  and  disk 
utilization.  In 
January,  Ze¬ 
noss  plans  to 
ship  a  plug-in 
that  will  let 
you  create 
activity  to 
simulate  how 
real  end  users 
experience 
your  system  performance.  If 
you  want  technical  support, 
Zenoss  charges  $75  annually 
for  each  device  that’s  being 
managed.  * 


DUNKLEBERGER: 

Encrypt 

everything, 

always. 


YECIES: 

ZoneAlarm 
guards  your 
credit  data. 


80% 

of  dev  tools 
will  offer  real¬ 
time  support 
by  2009, 
says  Gartner. 


KARPOVICH: 

Open  source 
for  systems 
management 
is  here. 
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Empowered  by  Innovation 


NEC 


Who  has  the  credentials  to  check  the 
credentials  of  13,000  government  employees? 


With  NEC’s  fault  tolerant  servers  achieving  up  to  99.999%  uptime, 
only  those  authorized  to  access  your  building  will  gain  access  to  your 
building.  NEC’s  proven  track  record  as  a  global  technologies  leader, 
combined  with  30  years  of  research  and  development  experience  in  the 
security  technologies  field,  offers  much-needed  assurance  in  today’s 
increasingly  unsure  times.  Continuous  security  monitoring  solutions. 

It’s  one  more  way  NEC  empowers  people  through  innovation. 


—  www.necus.com/security 
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A  Global  Airline  Tracking  40  Million  Passenger  Records. 

Running  on  Microsoft  SQL  Server  2005. 
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SAS  Scandinavian  Airlines  landed  on  Microsoft*  SQL  Server™  2005  running  on  Windows 
Server®  2003  as  the  best  way  to  consolidate  35  applications  linked  to  their  data  warehouse. 
Now  they're  able  to  track  passenger  records  24x7.  See  how  at  microsoft.com/bigdata 
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Pandemic 


demic.  “It  was  an  eye-opener  ” 
Stingl  said  of  the  presentation. 

Brad  Kowal,  associate  direc¬ 
tor  of  Shands  HealthCare’s 
data  center,  said  the  Gaines¬ 
ville,  Fla.-based  medical  center 
has  had  its  hands  full  deal¬ 
ing  with  business  continuity 
planning  aimed  at  protecting 
against  hurricanes.  “And  then 
you  throw  this  in  [and  are  told 
to]  get  it  done  by  the  second 
quarter.  It’s  literally  stun  and 
shock  for  me,”  he  said. 

A  Shared  Responsibility 

McGee  said  pandemic  plan¬ 
ning  costs  should  total  no 
more  than  5%  of  an  IT  budget, 
but  he  stressed  that  the  burden 
shouldn’t  be  absorbed  by  the 
IT  budget  alone  —  it  should  be 
shared  throughout  a  company. 

Among  the  things  compa¬ 
nies  should  do,  McGee  said,  is 
decide  whether  they  intend  to 
keep  their  data  centers  operat¬ 
ing  during  a  pandemic.  And 
then,  if  they  do  plan  to  keep  IT 
operations  going,  they  should 
consider  preparing  for  up  to  a 
12-week  quarantine. 

Gartner  recommends  that 
companies  conduct  educa¬ 
tional  sessions  with  employees 
so  they  know  how  to  prepare 
their  own  households  for  a 
pandemic.  In  the  office,  one 


IT:  Virtual  PCs  Show  Promise  but  Remain  Unproven 


LAS  VEGAS 

GARTNER  ANALYSTS  told  attendees 
at  the  consulting  firm's  annual  data 
center  conference  here  last  week 
that  virtualized  desktop  environ¬ 
ments  are  coming  and  that  the 
technology  may  even  lead  to  worker 
ownership  of  laptops. 

However,  IT  managers  here  were 
more  skeptical,  saying  that  such  a 
move  may  make  sense  in  theory  but 
current  technology  falls  short  of  their 
needs. 

Gartner  analyst  Thomas  Bittman 
said  many  companies  would  prefer 
managing  a  virtual  environment  on 
an  employee's  laptop  to  worrying 
about  all  the  other  applications  that 
may  have  been  loaded  on  a  system. 


“It’s  a  lot  harder  to  lock  down  the 
hardware  than  it  is  a  virtual  machine," 
he  said. 

Bittman  also  said  that  once  a 
company  makes  the  move  to  a  vir¬ 
tual  environment,  it  can  explore  the 
idea  of  subsidizing  employee  owner¬ 
ship  of  laptop  PCs. 

Some  attendees  agreed  that  vir¬ 
tual  PCs  could  be  more  secure  than 
current  systems  and  less  susceptible 
to  conflicts  and  problems  that  could 
arise  when  road  warriors  install  their 
own  productivity  applications  or 
games.  They  also  believe  they  might 
save  on  software  licensing  costs  if 
applications  can  be  delivered  only 
as  needed. 

“I  can  see  a  drive  toward  virtual 


desktops,"  said  Ben  Davis,  director 
of  networks  at  Matria  Healthcare  Inc. 
in  Marietta,  Ga.  Davis  added  that  vir¬ 
tual  desktops  would  give  IT  depart¬ 
ments  tighter  control  over  software. 
Today,  he  said,  if  employees  have 
PCs  at  home  and  access  to  the  cor¬ 
porate  network,  “they  basically  have 
access  to  all  of  the  network.  With 
a  virtual  desktop,  you  can  restrict 
that  access." 

But  Davis  isn’t  convinced  that  the 
technology  now  available  matches 
the  vision.  “All  I’m  hearing  is  manu¬ 
facturer  hype,"  he  said.  “It's  got  to 
mature  some." 

Dodd  Vernon,  operations  man¬ 
ager  at  Walgreen  Co.,  a  Deerfield,  Ill- 
based  pharmacy  chain  with  5,500 


stores,  agreed.  He  said  the  virtualiza¬ 
tion  of  laptop  and  desktop  environ¬ 
ments  has  been  discussed,  but  the 
technology  needs  to  be  proven 
before  his  company  takes  action. 

Thomas  O'Sullivan,  operations 
manager  at  the  Montana  Depart¬ 
ment  of  Transportation,  concurred 
with  Bittman.  “The  laptop  may  be  the 
next  logical  step,”  he  said.  O’Sullivan 
also  said  he  could  foresee  employee 
ownership  of  laptops,  noting  that 
many  already  own  the  handheld 
devices  that  they  use  for  work. 

Vernon  acknowledged  the  appeal 
of  individually  owned  PCs  with  virtual 
work  environments,  saying,  “I  think 
there  could  be  some  cost  benefit.” 

-PATRICK  THIBODEAU 


person  should  be  made  re¬ 
sponsible  for  planning,  and 
business  continuity  plans  will 
have  to  be  adapted  for  a  pan¬ 
demic,  McGee  said.  He  added 
that  IT  should  oversee  instal¬ 
lation  of  broadband  services  to 
the  homes  of  its  most  critical 
employees  but  also  assume 
that  there  may  be  failures  in 
public  networks. 

One  person  in  attendance, 
who  said  he  works  at  a  Fortune 
100  insurance  company  but 
requested  anonymity,  said  his 
company  has  taken  pandemic 
planning  seriously. 


“We  have  almost  30,000 
employees,  and  fully  a  third  of 
them  in  the  next  six  months 
will  be  able  to  work 
remotely,”  he  said. 

In  addition  to 
ensuring  that  their 
own  operations 
would  be  able  to 
continue  during  a 
pandemic,  IT  man¬ 
agers  should  also 
review  the  contin¬ 
gency  plans  of  their  vendors, 
McGee  said. 

He  added  that  vendor  con¬ 
tracts  should  include  service 


guarantees  and  “extraor¬ 
dinarily  harsh  terms  if  that 
vendor  does  not  come  through’ 
in  the  event  of  a 
pandemic. 

McGee  didn’t 
tell  attendees  that 
a  pandemic  is  in 
the  offing.  But  pan¬ 
demics  have  been 
regular  occur¬ 
rences  in  human 
history.  And  al¬ 
though  it  is  unknown  whether 
avian  influenza  will  explode 
into  a  global  pandemic,  the 
number  of  deaths  related  to  it 


are  creeping  up  —  and  more 
appear  possible  as  the  disease 
spreads.  Since  2003, 153  of  the 
258  people  diagnosed  with 
avian  flu  have  died. 

“The  point  is  [that]  the  de¬ 
gree  of  transmission  seems  to 
be  increasing  from  human  to 
human,”  McGee  said. 

Toward  the  end  of  McGee’s 
presentation,  an  electronic 
survey  asked  attendees  wheth¬ 
er  they  believe  a  bird  flu  pan¬ 
demic  will  take  place  within 
three  years.  Fifty-eight  percent 
said  yes,  25%  said  no,  and  17% 
said  they  weren’t  sure.  > 


PANDEMIC  COSTS 

S4.4T 

Estimate  of  global  loss 
-  up  to  12%  of  worldwide 
GDP  -  if  an  “ultra”  flu 


Denser  Servers  Lead  to  Increased  Demand 
For  Power  and  Cooling  in  Data  Centers 


LAS  VEGAS 

BEFORE  STARTING  construction 
of  a  new  data  center,  Steven  Olson, 
infrastructure  manager  at  the  Las 
Vegas  Review  Journal,  visited  about 
40  existing  ones  to  see  how  other 
IT  managers  approached  cooling, 
power  and  design.  "Most  people  are 
happy  to  let  you  in,"  he  said. 

Olson's  employer,  which  operates 
a  chain  of  newspapers,  needed  the 
new  IT  facility  to  meet  the  needs  of 
its  businesses,  including  an  urgent 
requirement  to  upgrade  and  improve 
failing  power  systems.  After  his  pre¬ 
sentation  at  the  Gartner  data  center 
conference  here,  Olson  was  pep¬ 


pered  with  questions  by  a  group  of 
attendees  who  sought  details  about 
his  company’s  data  center,  which 
was  completed  last  spring. 

They  weren’t  idle  questions. 


HOT  DATA  CENTER  TOPICS 

The  bad  news:  By  2008, 

half  of  existing  data  centers  will 
have  insufficient  power  and  cool¬ 
ing  capacity  for  high-density  IT 
equipment. 

The  good  news:  By  2011, 

more  efficient  power  and  cooling 
management  systems  will  be  in 
wide  use. 


Gartner  estimates  that  by  2008, 
about  half  of  the  world’s  data  centers 
will  have  insufficient  power  and  cool¬ 
ing  capacity  to  handle  high-density 
servers.  Indeed,  many  IT  managers 
at  the  conference  said  they  were 
planning  or  building  new  data  centers, 
leasing  additional  space,  or  expand¬ 
ing  or  retrofitting  an  existing  facility. 

Mike  Curtright,  data  center  super¬ 
visor  at  Pemco  Insurance  Co.  in  Seat¬ 
tle,  said  his  company  recently  signed 
a  long-term  lease  for  data  center 
space  in  a  facility  built  during  the  dot¬ 
com  era.  Originally  a  mainframe  shop, 
Pemco  has  been  moving  to  dense 
blade  servers.  But  while  many  appli¬ 


cations  have  been  migrated  from  the 
mainframe  to  the  blade  systems,  not 
all  are  being  moved,  because  power 
and  cooling  demands  are  increasing. 
“We’re  running  out  of  chilling  capac¬ 
ity,"  Curtright  said. 

Data  center  managers  must  also 
decide  which  technologies  to  use 
to  power  and  cool  their  systems. 
There's  an  assortment  of  approaches 
to  choose  from,  but  some  are  still 
very  new. 

For  instance,  Barclays  Capital,  a 
division  of  Barclays  Bank  PLC  in  Lon¬ 
don,  is  using  a  carbon  dioxide  system 
to  chill  some  of  its  servers.  Paul  Flatt, 
a  consultant  who  is  working  on  the 
project,  said  that  although  the  C02 
system  is  more  expensive  than  a 
water-based  one,  it’s  more  resilient 
and  efficient. 


There  are  even  cooling  technolo¬ 
gies  that  spray  a  nonconductive  agent 
directly  onto  processors  to  prevent 
them  from  overheating. 

But  Gary  Comens,  IT  manager  at 
Raytown  School  District  in  Missouri, 
said  he  will  approach  these  new  cool¬ 
ing  technologies  cautiously.  “I  don’t 
know  if  we  know  what  the  long-term 
effects  are  of  using  these  new  sub¬ 
stances  on  computer  chips,”  he  said. 

Another  approach,  computational 
fluid  design,  is  being  used  by  data 
center  managers  to  eliminate  hot 
spots  by  examining  airflows  and  re¬ 
locating  servers  to  the  best  possible 
sites  within  IT  facilities,  said  Jack 
Funchion,  a  project  manager  at  Align 
Communications  Inc.,  a  data  center 
design  firm  in  New  York. 

-  PATRICK  THIBODEAU 
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SETTLE  FOR  EVERYTHING  WITH  NETAPP. 


Engineer  or  CEO,  we  don’t  compromise  on  your  data  center  storage  solution,  so  you  don’t  have  to  either.  That’s  why  we  have 
over  5,000  enterprise  deployments  and  counting.  With  NetApp,  backups  don’t  affect  system  performance  or  capacity,  so 
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you  can  run  them  more  often  to  better  protect  your  data.  And  instant  recovery  from  application  failures  allows  you  to  meet  _  ,  ;§j 

your  most  stringent  SLAs.  Add  to  that  the  lowest  TCO  in  the  industry,  and  it’s  no  wonder  that  we’re  trusted  by  the  world’s 

greatest  companies.  It’s  what  we  live  for.  We’ll  smile  when  you  have  the  right  storage  solution  for  your  enterprise  applications.  Sil 

Embracetheuncontrollablegrinatwww.netapp.com/bizapps  <!;>>$ 


©  2006  Network  Appliance.  Inc.  All  rights  reserved.  Specifications  subject  to  change  without  notice.  NetApp  and  the  Network  Appliance  logo  are  registered  trademarks  and  Network  Applian^piS  a  tradorciarlju^ui^ 
of  Network  Appliance,  Inc.  in  the  U.S.  and  other  countries.  All  other  brands  or  products  are  trademarks  or  registered  trademarks  of  their  respective  holders  and  should  be  treated  as  such.'1' 
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ENTERPRISE  STORAGE  FOR  ALL  BUSINESS  APRS. 

INSTANT  DATA  RECOVERY. 

RAPID  SMILE  DEPLOYMENT. 
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Open  Dialogue: 

How  Microsoft  and  Massachusetts 

Defused  a  Political  Battle  Over  ODF 


E-mails  show  that  the  vendor  lobbied 
tor  hardball  legislation  over  the  file 
format  controversy  and  then 
backed  off.  By  Carol  Sliwa 

LESS  than  a  week  after  he  became  CIO  of 
Massachusetts  last  February,  Louis  Guti¬ 
errez  sensed  a  serious  threat  to  his  power 
—  one  that  was  being  promoted  by  a 
seemingly  unlikely  source.  Within  a  mat¬ 
ter  of  days,  Gutierrez  confirmed  that  Brian  Burke, 
Microsoft  Corp.’s  government  affairs  director  for 
the  Northeast,  had  been  backing  an  amendment  to 
an  economic  stimulus  bill  that  would  largely  strip 
the  Massachusetts  Information  Technology  Divi¬ 
sion  of  its  decision-making  authority. 


For  Microsoft,  the  call 
to  arms  had  sounded  sev¬ 
eral  months  earlier,  when  the 
state’s  IT  division  surprised 
the  company  with  a  contro¬ 
versial  decision  to  adopt  the 
Open  Document  Format  for 
Office  Applications,  or  ODF,  as 
its  standard  file  format.  Even 
worse,  from  Microsoft’s  per¬ 
spective,  the  policy  stipulated 
that  new  desktop  applications 
acquired  by  state  agencies  fea¬ 
ture  built-in  support  for  ODF, 
a  standard  developed  and 
promoted  by  some  of  its  rivals 
—  most  prominently,  IBM  and 
Sun  Microsystems  Inc. 

The  amendment  Burke  was 
promoting  had  the  potential  to 
stop  the  ODF  policy  dead  in  its 
tracks  by  giving  a  government 
task  force  and  the  secretary  of 
state’s  office  approval  rights  on 
IT  standards  and  procurement 
policies.  Gutierrez,  who  re¬ 


signed  last  month  over  a  fund¬ 
ing  dispute  that  appeared  to 
be  unrelated  to  the  ODF  con¬ 
troversy,  clearly  was  rankled 
by  Burke’s  involvement  with 
the  amendment.  Yet  he  made 
no  attempt  to  shut  the  door  on 
Microsoft.  On  the  contrary,  he 
did  the  opposite. 

“While  Brian  will  never  be 
welcome  in  my  office,  Micro¬ 
soft,  of  course,  will  remain 
so,”  Gutierrez  wrote  to  Alan 
Yates,  a  general  manager  in  the 


company’s  informa¬ 
tion  worker  product 
management  group, 
in  an  e-mail  mes¬ 
sage  that  detailed 
what  he  had  learned 
about  Burke’s  lob¬ 
bying. 

The  message,  sent 
on  March  3,  is  one 
of  more  than  200 
e-mails  and  at¬ 
tached  documents 
obtained  by  Com¬ 
puter-world.  under 
the  Massachusetts 
Public  Records  Law.  The 
e-mails  provide  a  behind-the- 
scenes  look  at  some  of  the 
hardball  tactics  used,  compro¬ 
mises  considered  and  prickly 
negotiations  that  ensued  as 
Gutierrez  and  Yates  each  tried 
to  deal  with  the  ramifications 
of  the  first-of-its-kind  policy 
calling  for  state  agencies  to 
adopt  ODF  by  Jan.  1, 2007. 

The  topic  of  document  for¬ 
mats  may  have  an  arcane  air 
to  it,  but  it  matters  deeply  to 
the  world’s  richest  software 
company.  Document  formats 
have  played  a  critical  role  in 
helping  Microsoft  to  secure 
and  maintain  its  dominance 
of  the  office-productivity  ap¬ 


plications  market, 
with  more  than  400 
million  users  of 
its  Office  software 
worldwide. 

“It  wasn’t  the 
only  reason  that 
people  standard¬ 
ized  on  Microsoft 
Office,  but  it  was 
the  main  reason,” 
said  Michael  Silver, 
an  analyst  at  Gart¬ 
ner  Inc. 

When  Massachu¬ 
setts  committed 
to  its  ODF  policy,  migrating 
away  from  Office  appeared  to 
be  the  only  way  that  executive- 
branch  agencies  could  comply. 
Microsoft  had  spurned  the 
state’s  requests  to  engineer 
ODF  support  directly  into 
Office,  complaining  in  a  6,425- 
word  document  sent  to  the  IT 
division  in  November  2005 
that  the  open  standard  was 
“nascent  and  immature.” 

The  company  argued  that 
its  new  Office  Open  XML 
format  also  merited  inclu¬ 
sion  in  Version  3.5  of  the  IT 
division’s  Enterprise  Technical 
Reference  Model  (ETRM),  the 
newly  minted  open  standards 
blueprint  for  state  agencies. 


Microsoft  even  took  the  rare 
step  of  submitting  Open  XML 
to  the  ECMA  International 
standards  body  in  an  attempt 
to  show  that  its  format  would 
pass  muster  as  “open.”  But 
to  Microsoft’s  chagrin,  Mas¬ 
sachusetts  issued  only  a  non¬ 
committal  statement  of  opti¬ 
mism  that  Open  XML  would 
someday  meet  its  standards. 

Worldwide  Impact 

Microsoft’s  concerns  extended 
well  beyond  Massachusetts. 
Yates  told  Gutierrez  in  one 
e-mail  that  the  state’s  mandate 
carried  “a  lot  of  weight”  with 
public  policy  makers  around 
the  world.  And  he  repeatedly 
complained  in  his  messages  to 
the  CIO  that  Microsoft’s  rivals 
were  misrepresenting  the  state 
as  the  “reference  case  for  a 
mandatory  ODF-only  policy,” 
rather  than  stating  its  broader 
goal  of  embracing  open  stan¬ 
dards  in  general. 

“We  think  the  common 
external  view  is  that  the  cur¬ 
rent  policy  is  etched  in  stone 
and  [that]  Microsoft  products 
and  technology  are  shut  out  of 
the  Commonwealth  unless  we 
agree  to  neuter  our  products 
for  awhile,”  Yates  wrote  to 
Gutierrez  in  April. 

The  fact  that  the  ODF  policy 
threatened  Microsoft’s  busi¬ 
ness  interests  wasn’t  lost  on 
Eric  Kriss,  who  had  paved 
the  way  for  its  adoption  while 
serving  as  a  cabinet  secretary 
under  Massachusetts  Gov. 

Mitt  Romney.  In  an  interview, 
Kriss  said  he  wasn’t  surprised 
by  “the  aggressiveness”  that 
Microsoft  showed  both  public- 


COMING  TO  TERMS 

1  believe  I've  had 
enough.  You  all  do 
what  you  need  to  do.  We’ll 
do  what  we  need  to  do. 

FROM  AN^pRIL  8  E-MAIL  FROM  LOUIS  GUTI- 
'  ERREZv  THENTHECIO  OF  MASSACHUSETTS, 

!c  Microsoft  executive  alan  yates 

l _ ; _ : _ : _ i _ 

We  disagree  with  the  governor’s 
mandatory  ODF  policy  as  much 
as  ever,  but  also  respect  your  position 
and  approach  to  the  future;  and  will  no 
longer  argue  our  case  for  legislation. 

FROM  A  MESSAGE  THAT  YATES  SENT  TO  GUTIERREZ  ON  APRIL  11 

_ _ _ _ u 

As  he  made  a  last- 
ditch  attempt  at  com¬ 
promise,  LOUIS  GUTI¬ 
ERREZ  told  Microsoft’s 
Alan  Yates,  “I  begin 
to  let  go  of  hope  for 
a  quiet,  bilateral  and 
pragmatic  resolution 
of  this  matter.” 
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Microsoft  Gets  Help  From  Both 
Sides  of  the  Aisle  on  Lobbying; 


BRIAN  BURKE,  the  Microsoft  official  who  was 
barred  from  former  Massachusetts  CIO  Louis 
Gutierrez's  office  because  of  his  lobbying  activities, 
is  one  of  a  cadre  of  well-connected  Democrats  on 
the  company's  payroll  in  the  state. 

Burke  served  in  senior  government  positions  in  the  Clin¬ 
ton  administration  and  later  worked  on  the  Kerry/Edwards 
presidential  campaign  prior  to  joining  Microsoft  as  its  gov¬ 
ernment  affairs  director  for  the  Northeast. 

Massachusetts  public  records  show  that  Burke  regis¬ 
tered  with  the  state  as  a  lobbyist  for  Microsoft  last  year. 
Under  “activity  performed,"  Burke  listed  96  pending 
pieces  of  legislation  as  well  as  Version  3.5  of  the  state’s 
Enterprise  Technical  Reference  Model.  Burke  did  not 
register  as  a  lobbyist  this  year  because  he  didn't  meet  the 
hourly  threshold  that  would  have  required  him  to  do  so, 
according  to  a  Microsoft  spokeswoman. 

Another  influential  Democrat  who  has  done  significant 
work  for  Microsoft  on  a  contract  basis  is  John  E.  “Jack'' 
Murphy  Jr.  A  former  state  representative  with  close  ties  to 
leaders  of  the  Democrat-dominated  legislature,  Murphy 
heads  one  of  the  highest-paid  lobbying  groups  in  Mas¬ 
sachusetts.  The  8837,850  in  lobbying  fees  that  his  firm 
collected  last  year  included  860,000  from  Microsoft, 
matching  the  maximum  it  was  paid  by  any  client. 

Weighing  in  from  the  Republican  side  with  arguments 
favorable  to  Microsoft's  position  on  the  ODF  issue  were 
Washington-based  lobbying  groups  such  as  Americans  for 
Tax  Reform.  ATR  is  headed  by  conservative  activist  Grover 
Norquist,  who  was  once  a  registered  federal  lobbyist  for 
Microsoft  and  has  close  ties  to  the  Bush  administration. 

Norquist  told  Computerworld  that  ATR  sent  two  letters 
to  Gov.  Mitt  Romney,  a  conservative  Republican  with 
presidential  aspirations,  to  share  its  concerns  that  the 
state  hadn’t  done  a  cost-benefit  analysis  on  ODF  and 
might  violate  intellectual  property  rights  if  it  moved  to 
open-source  software. 

E-mail  records  released  in  mid-October  by  the  U.S. 
Senate  Finance  Committee  as  part  of  a  600-page  report 
show  that  Microsoft  had  paid  ATR  in  the  past.  The  report 
questions  the  tax-exempt  status  of  organizations  such  as 
ATR  and  examines  its  ties  to  convicted  federal  lobbyist 
Jack  Abramoff,  a  longtime  Norquist  associate.  E-mails 
included  in  the  report  indicate  that  Abramoff  channeled 


money  to  ATR  and  other  nonprofit  groups  in  return  for 
their  advocacy  on  issues. 

According  to  the  report,  on  March  10, 1996,  Abramoff 
wrote  to  Bruce  Heiman,  a  colleague  at  Preston  Gates 
&  Ellis  LLP,  that  Microsoft  was  “supposed  to  be  paying 
[Norquist]  8120k  for  this  year  (810k  a  month)”  and  that 
“these  lack  of  payments  are  really  disgusting."  After  re¬ 
ceiving  a  reminder  letter  from  Heiman  on  March  26,  Jack 
Krumholtz,  Microsoft’s  managing  director  of  federal  gov¬ 
ernment  affairs,  wrote  to  Heiman,  “A  check  for  860k  was 
mailed  on  3/26;  he  should  have  it  any  day.  I  forwarded  the 
new  invoice  to  Redmond  and  it’s  been  processed.” 

The  report  was  prepared  by  the  committee’s  Demo¬ 
cratic  staff  but  couldn’t  have  been  released  without  the 
Republican  leadership's  consent,  according  to  a  Finance 
Committee  staffer  who  said  the  document  has  been  re¬ 
ferred  to  officials  at  the  Justice  and  Treasury  departments. 

ATR  spokesman  John  Kartch  said  Norquist  worked  as 
a  consultant  to  Microsoft  for  two  years  in  the  mid-1990s, 
"offering  strategic  advice  on  working  in  Washington.”  The 
e-mails  included  in  the  report  “refer  to  his  work  with  Mi¬ 
crosoft  back  then,”  Kartch  said. 

Ginny  Terzano,  a  Microsoft  spokeswoman,  said  the 
e-mails  “are  exchanges  that  took  place  10  years  ago”  and 
are  “very  unrelated"  to  the  ODF  issue  in  Massachusetts. 

She  wouldn’t  comment  on  whether  Microsoft  provided 
funding  to  ATR  last  year  but  said  the  company  currently 
isn’t  a  sponsor  of  the  group  and  “did  not  specifically  work 
with"  ATR  on  ODF-related  lobbying. 

In  Massachusetts,  Sun  and  IBM  also  did  their  fair  share 
of  lobbying  in  an  attempt  to  make  sure  that  the  state's  IT 
division  had  no  cause  to  waver  from  its  ODF  policy. 

Sean  Curran,  a  lobbyist  at  Waterville.Consulting  LLC, 
which  has  offices  in  Boston  and  in  Albany,  N.Y.,  received 
860,000  in  fees  from  Sun  last  year,  according  to  Mas¬ 
sachusetts  state  records.  On  March  11  of  this  year,  Curran 
sent  out  an  e-mail  update  on  the  activiiies  of  Microsoft 
and  other  opponents  of  the  state’s  ODF  policy  who  w$re'  / 


of  the  IT  division's  decision-making  authority. 

“We  will  be  fighting  this  until  the  amendment  is  dead," 
Curran  wrote  to  Doug  Johnson,  a  program  manager  in 
Sun's  corporate  standards  group,  and  to  Gutierrez. 

-  CAROL  SLIWA 


ly  and  privately  in  pursuing  its 
opposition  to  the  ODF  policy. 

“I  think  Microsoft  took  a 
good  run  at  trying  to  change 
the  world  as  opposed  to  trying 
to  change  [itself],”  Kriss  said. 
‘And  you  expect  to  get  the 
shock  and  awe  when  that  hap¬ 
pens.  That’s  what  we  got.” 

Kriss,  who  left  his  post  as 
secretary  of  administration 
and  finance  shortly  after  Ver¬ 
sion  3.5  of  the  ETRM  was 
issued  in  September  2005, 
instigated  the  open-standards 
policy  based  on  the  belief  that 
public  documents  shouldn’t  be 
tied  to  a  single  vendor’s  pro¬ 
prietary  document  format. 

He  was  no  stranger  to  tech¬ 
nology  himself.  Following 
a  prior  stint  as  the  state’s  fi¬ 
nance  secretary,  Kriss  became 
CEO  of  MediQual  Systems 
Inc.,  a  database  developer  with 
products  based  on  Microsoft’s 
FoxPro  software.  He  left 
MediQual  in  1998  to  start  his 
own  business,  Workmode  Inc., 
which  uses  open-source  soft¬ 
ware  to  develop  Web-based 
business  applications.  He 
makes  no  secret  of  his  belief 
that  governments  eventually 
will  move  to  open  source. 

Not  Anti-Microsoft 

But  Kriss  insisted  that  the 
ODF  policy  wasn’t  intended 
to  be  anti-Microsoft.  He  said 
technical  people  at  Microsoft 
told  him  it  would  be  “trivial” 
to  add  support  for  ODF  to  the 
new  Office  2007.  The  resis¬ 
tance  to  doing  so  came  from 
the  vendor’s  business  side,  ac¬ 
cording  to  Kriss. 

Yates  told  Computerworld 
in  an  interview  last  month 
that  ODF  “came  up  late  in  the 
development  process  for  Of¬ 
fice  2007”  and  that  the  standard 
“really  isn’t  finished.”  He  also 
said  Microsoft  was  “surprised” 
when  Massachusetts  issued 
the  ODF  mandate  and  dropped 
what  he  claimed  was  an  earlier 
agreement  for  the  state  to  ac¬ 
cept  Office  file  formats  as  be¬ 
ing  open  (see  article,  page  20). 

As  part  of  his  e-mail 
exchanges  with  Gutierrez, 
Yates  didn’t  deny  Burke’s  in¬ 
volvement  in  promoting  the 
amendment  sponsored  by 
state  Sen.  Michael  Morrissey 
that  sought  to  take  away  much 


of  the  IT  division’s  decision¬ 
making  authority. 

“I  am  certain  that  Brian 
was  involved,”  Yates  wrote  to 
Gutierrez  in  response  to  the 
CIO’s  March  3  message  about 
Burke’s  role  in  lobbying  for 
the  amendment.  But  Yates 
claimed  that  Burke’s  inten¬ 
tion  was  “to  have  a  ‘vehicle’  in 
the  legislature”  to  address  a 
policy  that  Microsoft  viewed 
as  “unnecessarily  exclusion¬ 
ary.”  Burke’s  aim  was  “not 
specifically  to  transfer  agency 
authority,”  Yates  wrote. 

He  also  asserted  that  the 
Morrissey  amendment  “was 
developed  and  is  promoted 
by  others  who  were/are  very 
inflamed  by  your  predecessors’ 
handling  of  many  things.”  The 
predecessors  Yates  referred  to 
were  Kriss  and  Peter  Quinn, 
who  was  CIO  before  Gutierrez 
and  had  cited  the  Morrissey 
amendment  as  one  of  the 
contributing  factors  when  he 
resigned  last  January. 

During  his  interview  with 
Computerworld,  Yates  was 
adamant  that  neither  Micro¬ 
soft  nor  anyone  on  its  payroll 
had  authored  the  amendment. 
In  response  to  questions  about 
the  company’s  lobbying  ac¬ 
tivities,  he  said,  “At  the  time, 
our  public  affairs  people  were 

—  you  can  call  it  lobbying 

—  but  they  were  in  fact  trying 
to  educate  people  to  the  real 
issues  in  the  mandate  for  ODF. 
And  we  were,  yes,  arguing 
against  it  —  absolutely.” 

The  situation  started  to 
change  in  late  March  and  early 
April,  however.  A  March  30 
e-mail  from  Yates  indicated 
that  he  had  received  a  phone 
call  from  Gutierrez  and  that 
the  CIO  wasn’t  happy.  Yates 
wrote  that  he  had  spoken  with 
Burke  after  Gutierrez  called, 
“and  ALL  activity  in  and  around 
the  capitol  building  next  week 
is  now  being  canceled.” 

By  that  time,  discussions 
geared  toward  a  compromise 
were  in  full  swing  between 
the  two  men.  Gutierrez,  who 
declined  to  comment  for 
this  story,  was  dogged  in  his 
quest  for  an  Office  software 
plug-in  that  could  translate 
documents  into  and  out  of 
ODF.  That  would  spare  him 
the  trouble  of  having  to  plot 


a  potentially  costly  and  time- 
consuming  migration  of  tens 
of  thousands  of  PCs  to  applica¬ 
tions  with  built-in  ODF  sup¬ 
port,  such  as  IBM’s  Workspace, 
Sun’s  StarOffice  and  the  open- 
source  OpenOffice.org  suite. 

He  also  hoped  the  plug-in 
approach  would  satisfy  advo¬ 
cates  for  the  blind  and  visually 
impaired  who  had  raised  con¬ 
cerns  that  the  most  popular 
software  products  for  reading 
and  magnifying  computer 


screens  don’t  work  as  well 
with  ODF-supporting  applica¬ 
tions  as  they  do  with  Office. 
Some  advocates  had  threat¬ 
ened  to  file  lawsuits  based  on 
federal  antidiscrimination 
laws  if  the  state  moved  to  soft¬ 
ware  that  was  inaccessible  to 
people  with  disabilities. 

Gutierrez  first  broached 
the  subject  of  a  “save-to-ODF” 
plug-in  in  a  Feb.  17  e-mail  to 
Yates.  A  subsequent  message 
from  Gutierrez  on  March  31 


indicated  that  Microsoft  had 
“committed”  to  Thomas  Tri- 
marco,  Kriss’  successor  as 
the  state’s  administration  and 
finance  secretary,  that  it  would 
be  willing  to  work  with  a  third 
party  to  “technically  cooper¬ 
ate,  and  possibly  financially 
cooperate”  on  creating  n  ODF 
converter  plug-in  for  Office. 

In  early  April,  Gutierrez 
signaled  that  he  was  willing 
to  consider  a  memorandum  of 
Continued  on  page  20 
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.INFRASTRUCTURE  LOG 

_DAY  45:  These  underutilized  storage  boxes  have  proliferated 
exponentially.  Their  inability  to  share  capacity  has 
doomed  us.  We’re  trapped  in  a  maze  of  our  own  creation. 

-DAY  47:  I  tried  to  give  Gil  a  boost  over  this  wall,  but 
he  pulled  a  hammie. 

-DAY  48:  I’ve  taken  back  control  with  IBM  System  Storage™ 
SAN  Volume  Controller.  It  puts  my  entire  storage  universe 
into  a  simple,  virtualized  pool.  And,  unlike  EMC,  IBM  has 
fourth-generation  virtualization  technology  and  over  2,000 
customers.  I  am  seeing  results. 

-Productivity  is  up.  Utilization  is  up.  I.T.  guys  lost  in 
mazes  of  data  is  down. 
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Continued  from  page  17 
understanding  that  Microsoft 
had  drafted.  The  company 
said  it  would  publicly  commit 
to  financially  supporting  the 
development  of  third-party 
ODF  conversion  tools.  In  re¬ 
turn,  Massachusetts  would  an¬ 
nounce  that  Open  XML  met  its 
criteria  to  qualify  as  an  open 
format  and  merited  inclusion 
in  future  ETRM  revisions, 
pending  the  technology’s 
sanction  by  an  international 
standards  body. 

Microsoft  went  so  far  as  to 
prepare  a  draft  press  release 
announcing  the  agreement. 

But  Gutierrez  wrote  to  Yates 
that  he  viewed  “Draft  1”  of  the 
memorandum  of  understand¬ 
ing  as  “a  bit  of  a  slap.” 

No  ‘Chest  Thumping’ 

At  9:27  p.m.  Eastern  Time  on 
Friday,  April  7,  Gutierrez  sent 
a  message  to  Yates  offering  an 
“alternative  formulation,”  writ¬ 
ing  that  he  would  “avoid  any 
chest  thumping  or  anything 
that  smacks  of  nongracious 
support  for  a  Microsoft  ODF 
conversion  commitment.” 

Gutierrez  added  that,  con¬ 
tingent  on  the  delivery  of  a 
working  ODF  converter  that 
was  either  inexpensive  or  free 
to  government  users,  the  state 
would  “essentially  say  ‘this 
war  is  over’  and  we  look  for¬ 
ward  to  long-term  use  of  com¬ 
petitive  office  suites,  including 
Microsoft  Office.” 

The  discussions  broke 
down,  though.  “I  believe  I’ve 
had  enough,”  Gutierrez  wrote 
to  Yates  on  April  8.  “You  all  do 
what  you  need  to  do.  We’ll  do 
what  we  need  to  do.” 

The  next  day,  a  Sunday, 
Gutierrez  offered  one  last  gasp 
at  a  compromise,  repeating  his 
previous  offer  “even  as  I  begin 
to  let  go  of  hope  for  quiet,  bi¬ 
lateral  and  pragmatic  resolu¬ 
tion  of  this  matter.” 

Yates  responded  on  the 
evening  of  April  11.  First,  he 
told  Gutierrez  that  Microsoft 
thought  “a  public  announce¬ 
ment  in  the  current  environ¬ 
ment  probably  was  not  a  good 
step  for  either  of  us.  It  would 
just  be  too  easy  to  ‘spin’  such 
an  announcement  in  a  nega¬ 
tive  way  against  us  or  you.” 

Yates  added  that  Microsoft 
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State’s  Snub  on  File  Formats 
Caught  Microsoft  by  Surprise 


CC0RDIN6  TO  AN  E-MAIL  written  by  a 
Massachusetts  official,  Microsoft  was  given  just 
over  30  days  advance  warning  that  the  state’s  IT 
division  wouldn't  be  including  Office  Open  XML 
as  an  acceptable  file  format  in  a  draft  of  Version  3.5  of  its 
open-standards  blueprint  posted  online  on  Aug.  31, 2005. 

Linda  Hamel,  the  IT  division’s  general  counsel,  sent 
the  e-mail  on  Aug.  1  of  last  year  to  then-CIO  Peter  Quinn 
and  his  boss,  Eric  Kriss,  who  was  the  state’s  secretary  of 
administration  and  finance.  Hamel  said  she  had  spoken 
with  Erich  Anderson,  a  lawyer  for  Microsoft’s  desktop 
division,  about  a  July  28  meeting  at  which  state  officials 
delivered  the  news  on  Open  XML  to  the  company. 

During  their  telephone  call,  Anderson  indicated  that 
he  was  “quite  surprised"  to  hear  of  the  plans  to  adopt 
the  Open  Document  Format  for  Office  Applications  as 
a  standard,  given  Microsoft's  “prior  attempts  to  accom¬ 
modate”  the  state  on  its  formats,  Hamel  wrote.  She 
added  that  Anderson  asked  why  the  state  “had  a  change 
of  heart”  about  Open  XML  after  listing  it  as  acceptable  in 
a  draft  of  Version  3.0  of  the  Enterprise  Technical  Refer¬ 
ence  Model  blueprint  in  March  2005. 

Hamel  wrote  that  she  told  Anderson  the  decision  was 
the  result  of  public  comments  received  after  the  post¬ 
ing  of  the  ETRM  3.0  draft  and  discussions  at  the  Open 
Format  Summit  the  IT  unit  had  held  in  June.  She  also 
cited  the  state's  “need  to  ensure  that  documents  remain 
readable  over  the  long  term  as  the  technology  evolves, 
independent  of  specific  vendors." 

The  IT  division  deleted  the  entire  section  on  data  for¬ 
mats  from  ETRM  3.0  before  publishing  the  final  version 
in  May  2005.  But  in  ETRM  3.5,  the  formats  section  was 
restored  and  listed  ODF  and  Adobe  Systems  Inc.’s  Por¬ 
table  Document  Format  as  meeting  the  state's  criteria. 

Alan  Yates,  general  manager  of  business  strategy  in 


Microsoft’s  information  worker  product  group,  said  last 
month  that  the  company  thought  it  had  addressed  the 
concerns  of  state  officials  about  its  formats. 

“We  had  an  agreement,”  Yates  said,  “that  our  chang¬ 
ing  the  license  for  our  [Office]  2003  open  file  format  was 
what  they  wanted,  and  they  posted  that  on  their  Web 
site.  They  said,  ‘That’s  what  we  were  looking  for  in  open¬ 
ness  for  a  format.’  And  then  when  they  made  the  ODF 
mandate,  that  changed  immediately.  That  surprised  us.” 

But  Kriss,  who  oversaw  the  IT  division  and  instigated 
the  adoption  of  the  state’s  ODF  policy,  said  last  week 
that  he  doesn't  see  how  Microsoft  could  have  been 
surprised.  He  said  that  Microsoft’s  agreement  to  amend 
its  license  briefly  appeared  to  meet  the  state's  criteria  for 
openness  but  that  Massachusetts  officials  continued  to 
wrestle  with  issues  involving  the  company's  patents. 

“At  every  step  along  the  way,  we  were  extremely  clear," 
telling  Microsoft  that  the  state  wanted  it  to  drop  any  right 
to  assert  patent  claims  on  its  file  formats,  Kriss  said.  He 
added  that  he  was  in  the  room  for  every  significant  con¬ 
versation  with  Microsoft.  “It  was  conducted  completely 
above-board,"  he  said.  “That's  just  the  way  I  am.” 

E-mails  obtained  by  Computerworld  show  that  state 
officials  also  held  discussions  with  Sun  Microsystems 
about  its  intellectual  property  rights  with  respect  to  ODF. 

In  a  message  dated  July  22, 2005,  Sun’s  Jonathan 
Nimer  notified  the  state  that  the  company  was  “just 
about  finished  with  preparing  a  statement  about  not 
asserting  our  patents,  subject  to  reciprocity,  concerning 
the  OpenOffice.org  XML"  file  format  specification.  State 
records  show  Nimer  sent  the  statement  on  Aug.  1. 

Eight  days  later,  Hamel  informed  various  IT  division 
colleagues  via  e-mail  that  Sun’s  covenant  "fully"  satis¬ 
fied  any  legal  concerns  she  had. 

-  CAROL SLIWA 


would  no  longer  pursue  “legis¬ 
lative  action”  against  the  ODF 
policy  because  that  approach 
had  created  “such  friction” 
with  the  state’s  IT  division, 
Trimarco  and  Romney. 

“We  disagree  with  the  gov¬ 
ernor’s  mandatory  ODF  policy 
as  much  as  ever,”  Yates  wrote, 
“but  also  respect  your  position 
and  approach  to  the  future; 
and  will  no  longer  argue  our 
case  for  legislation  —  simply 
based  on  the  constructive 
communication  with  you.” 

In  his  interview  with  Com¬ 
puterworld,  Yates  said,  “There 
was  a  time  when  we  just 
stopped  because  we  felt  that 
at  that  point,  the  decision¬ 
makers  in  Massachusetts  did 
understand  the  issues  and 
were  acting  reasonably  and  ra¬ 
tionally,  and  things  would  take 
care  of  themselves  over  time.” 

An  April  21  e-mail  from 
Yates  to  Gutierrez  said  Micro¬ 
soft’s  “senior  government  lead¬ 
ers”  were  encouraged  to  hear 
that  the  CIO  had  given  the  go- 
ahead  to  distribute  an  internal 
memo  about  a  new  Enterprise 
Agreement  the  Massachusetts 
Operational  Services  Division 
had  negotiated  with  Micro¬ 
soft.  The  contract  enables  the 
state  as  well  as  municipalities 
to  buy  Microsoft  products  at 
discounted  prices.  Last  year,  a 
total  of 

$5.8  million  was  spent  under  a 
previous  deal. 

“As  always,  please  let  me 
know  if  there  is  anything  hap¬ 
pening  locally  that  causes 
you  concern,”  Yates  wrote  in 
closing  to  Gutierrez.  “I  assume 
that  everyone  on  the  ground 
in  MA  for  MSFT  is  acting  ac¬ 
cording  to  my  directions  as  I 
communicated  to  you.” 

Gutierrez  told  Yates  in  re¬ 
sponse  that  Microsoft’s  prom¬ 
ise  to  stop  lobbying  for  the 
amendment  aimed  at  the  IT 
division  had  “already  helped.” 
He  wrote  that  if  the  Morrissey 
amendment  or  a  version  of  it 
was  approved,  “my  responses 
will  be  as  immediate,  sharp 
and  unsparing  as  committed 
earlier.  But  that  is  a  precaution 
that  I  trust  is  more  formality 
than  substance  at  this  point.” 

The  Massachusetts  legisla¬ 
ture  approved  the  economic 
stimulus  bill  in  June  without 


the  amendment.  In  early  July, 
Microsoft  announced  that 
it  was  sponsoring  an  open- 
source  project  to  develop  an 
Office  plug-in  for  translating 
files  between  Open  XML  and 
ODF.  And  Gutierrez  formally 
announced  on  Aug.  23  that  the 
state  at  least  initially  would 
adopt  a  plug-in  strategy  to 
fulfill  the  ODF  policy.  By  then, 
he  had  no  need  to  rely  solely 
on  the  fruits  of  the  Microsoft- 
backed  project.  Plug-ins  also 
had  been  submitted  to  the 
state  for  testing  by  Sun  and  the 
OpenDocument  Foundation. 

The  tortuous  process  that 
played  out  in  Massachusetts  is 
starting  to  have  an  effect  well 
beyond  the  state’s  borders.  For 
example,  without  the  plug-in 
approach,  Belgium’s  national 


government  wouldn’t  be  able 
to  meet  ODF  adoption  dead¬ 
lines  that  are  due  to  begin  tak¬ 
ing  effect  next  September,  said 
Peter  Strickx,  chief  technology 
officer  at  the  Belgian  Federal 
Civil  Service’s  Information 
and  Communication  Technol¬ 
ogy  Division  in  Brussels. 

Like  Massachusetts,  Bel¬ 
gium  is  taking  a  wait-and-see 
approach  toward  Open  XML. 
‘The  objective  is  interoperabil¬ 
ity,”  Strickx  said.  But  he  added 
that  the  government  doesn’t 
plan  to  migrate  its  entire  user 
base  away  from  Office.  “That’s 
between  60,000  and  80,000 
users,”  he  noted.  “We’re  in 
a  very  tight  budgetary  situa¬ 
tion,  so  we  cannot  ask  the  IT 
managers  to  spend  even  more 
on  something  that  in  their 


opinion  doesn’t  bring  any  real 
business  value.” 

When  Gutierrez  announced 
his  resignation  as  Massachu¬ 
setts  CIO  in  early  October,  he 
cited  the  legislature’s  failure  to 
pass  a  bond  bill  that  included 
funding  for  key  IT  projects. 
Since  the  bill  also  would  have 
funded  non-IT  projects,  the 
stall  didn’t  appear  to  be  di¬ 
rectly  tied  to  any  remaining 
opposition  to  the  ODF  policy. 

Ironically,  on  Nov.  2,  Gutier¬ 
rez’s  last  day  as  CIO,  Microsoft 
announced  an  agreement  with 
Novell  Inc.  that  included  a 
pledge  to  cooperate  on  devel¬ 
opment  of  translation  software 
to  improve  the  way  ODF  and 
Open  XML  work  together. 

What  a  difference  nine 
months  had  made.  * 
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only  the  software  you  need  now,  SAP  is  for  great 
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ialesforce.com  Expands  Its  Integration  Capabilities 


BY  MARC  L.  SONGINI 

Continuing  its  effort  to  reduce 
the  cost  and  complexity  of 
linking  its  hosted  CRM  soft¬ 
ware  to  other  applications, 
Salesforce.com  Inc.  last  week 
announced  a  series  of  addi¬ 
tional  integration  capabilities. 

The  San  Francisco-based 
vendor  said  it  plans  to  offer  a 
set  of  packaged  connectors  for 
tying  its  customer  relationship 
management  tools  to  Oracle 
Corp.’s  E-Business  Suite  Hi 
back-office  applications. 

The  Oracle  connectors  are 
due  early  next  year  and  will 
support  a  bidirectional  flow  of 
data  to  ensure  that  informa¬ 
tion  stored  in  the  two  product 
lines  is  synchronized,  said  Ar¬ 
iel  Kelman,  senior  director  of 
platform  product  marketing  at 
Salesforce.com.  It  already  of¬ 
fers  similar  hooks  to  SAP  AG’s 
ERP  applications,  as  well  as  to 
Office,  Outlook  and  Notes. 

Salesforce.com  is  also  add¬ 
ing  an  outbound  messaging 
interface  that  will  let  its  ap¬ 
plications  automatically  notify 
third-party  programs  of  trans¬ 
actions,  such  as  the  creation  of 
a  new  customer  account. 

In  addition,  the  CRM  vendor 
said  that  more  than  25  other 
software  developers  are  using 
its  newly  named  ApexConnect 
integration  technology  to  offer 
plug-and-play  connections  be¬ 
tween  their  products  and  the 
Salesforce.com  software. 

Downside  to  Integration 

Joe  Graves,  IT  director  at  Stra¬ 
tus  Technologies  Inc.  in  May¬ 
nard,  Mass.,  said  he  thinks 
the  broader  integration  capa¬ 
bilities  will  help  expand  the 
number  of  third-party  vendors 
that  offer  products  through 
Salesforce.com’s  AppExchange 
online  marketplace. 

However,  AppExchange 
requires  users  to  deal  with 
multiple  software  develop¬ 
ers,  not  just  Salesforce.com, 
Graves  noted.  He  described 
that  as  a  downside  for  Stratus, 
a  maker  of  fault-tolerant  serv¬ 
ers  that  runs  Salesforce.com’s 
applications  as  part  of  its  lead- 
generation  and  sales  processes. 

Stratus  also  uses  Version  10.7 
of  Oracle’s  E-Business  Suite 


software  and  is  upgrading  to 
the  lli  release.  But  it  already 
uses  a  custom-built  interface 
to  connect  the  Oracle  and 
Salesforce.com  applications, 


Graves  said.  The  existing 
interface  works  so  well,  he 
added,  that  there  would  have 
to  be  a  special  reason  to  buy 
the  new  packaged  connectors. 


Strong  integration  tools  are 
necessary  as  Salesforce.com 
continues  to  try  to  move  “up¬ 
market”  into  larger  deploy¬ 
ments,  said  Forrester  Research 


Inc.  analyst  Liz  Herbert. 

But  the  CRM  vendor  also 
needs  to  be  less  rigid  on  its 
pricing  of  $195  per  month  for 
each  end  user,  she  said,  adding 
that  large  installations  can  get 
very  expensive.  * 


There  are  lots  of  good  ways  to 
protect  your  network. 
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Trend  Micro  InterScan  "  Gateway 
Security  Appliance 

Stop  threats  before  they  damage  your  network.  This  ail-in-one 
security  appliance  blocks  viruses,  spyware,  spam  and  other  threats  at 
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Filter  content  and  provide  security  for  desktops  in  and  out  of  the 
network  from  bots,  sortware,  malicious  code,  phishing  and  crimeware. 
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CA  Unifies  Management  of  Virtual  Servers 


BY  MATT  HAMBLEN 

CA  Inc.  last  week  released 
a  revised  Unicenter  tool  de¬ 
signed  to  let  data  center  work¬ 
ers  consolidate  management 


of  servers  that  use  clustering 
and  virtualization  technology 
from  various  vendors. 

Release  11.1  of  the  Unicenter 
Advanced  Systems  Manage¬ 


ment  software  supports  vir¬ 
tualized  and  clustered  servers 
through  a  single  interface,  said 
Paula  Daley,  CA’s  director  of 
marketing  for  the  ASM  tool. 


She  added  that  IT  workers 
can  use  the  same  commands 
to  manage  systems  equipped 
with  technology  from  vendors 
such  as  VMware  Inc.,  Micro¬ 
soft  Corp.,  Red  Hat  Inc.,  Sun 
Microsystems  Inc.,  IBM  and 


Hewlett-Packard  Co. 

The  previous  version  of 
ASM,  Release  11,  could  manage 
virtualization  software  from 
VMware  and  Microsoft  only. 
The  upgrade  also  relies  on  Mi¬ 
crosoft’s  SQL  Server  database 
as  its  central  data  repository  in¬ 
stead  of  the  Ingres  open-source 
database  that  CA  still  offers  in 
an  earlier  version,  Daley  said. 

John  Coleman,  manager  of 
technology  services  at  Well- 
Span  Health  in  York,  Pa.,  said 
he  has  been  testing  ASM  11.1 
for  about  six  weeks  and  hopes 
to  begin  using  it  to  manage 
VMware  and  IBM  virtual  sys¬ 
tems  in  January.  Systems  run¬ 
ning  Microsoft’s  virtualization 
software  would  be  added  later 
next  year,  he  said. 

Dynamic  Management 

Coleman  said  every  virtualiza¬ 
tion  vendor  has  a  different  man¬ 
agement  console,  making  a  tool 
like  ASM  valuable  in  a  mixed- 
systems  data  center  such  as 
WellSpan’s.  He  also  said  it  will 
come  in  handy  when  the  health 
care  provider,  which  owns  two 
hospitals  and  a  variety  of  other 
facilities,  needs  to  reallocate 
computing  tasks  to  different 
virtual  machines  based  on 
changes  in  user  demands. 

“With  virtualization,  you 
don’t  have  the  physical  equip¬ 
ment  to  touch  for  management, 
and  things  are  always  in  con¬ 
stant  flux,”  Coleman  said,  add¬ 
ing  that  his  staffers  should  be 
able  to  manage  systems  more 
dynamically  with  ASM. 

“A  lot  of  folks  in  IT  assumed 
that  just  implementing  virtu¬ 
alization  was  going  to  solve  all 
their  problems,  when,  in  fact, 
it  introduces  the  need  for  even 
more  management,”  said  Rich 
Ptak,  an  analyst  at  Ptak,  Noel 
&  Associates  in  Amherst,  N.H. 

For  now,  CA  might  be  unique 
in  offering  such  a  complete 
package  of  capabilities  in  a 
single  tool,  Ptak  said.  But  he 
added  that  he  expects  compe¬ 
tition  from  other  vendors,  in¬ 
cluding  HP,  BMC  Software  In-: 
and  IBM’s  Tivoli  Software  unit 

ASM  starts  at  about  $30,000 
and  requires  users  ;  -  also  have 
CA’s  Unicenter  Network  and 
Systems  Management  tool,  a 
separate  product  that  starts  at 
I  about  $10,000.  ► 
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DON  TENNANT 


Handling  Microsoft  101 


AS  RON  HOVSEPIAN  approaches  the  six- 
month  mark  as  Novell’s  CEO,  it’s  dif¬ 
ficult  not  to  be  impressed  with  his  lead¬ 
ership  of  what  had  been  a  floundering, 
faltering  fiasco  under  the  stagnant 
watch  of  former  CEO  Jack  Messman.  And  nowhere 
has  that  leadership  been  demonstrated  more  impres¬ 
sively  than  in  the  technology  collaboration  agreement 
Novell  reached  with  Microsoft  last  month. 


Under  the  deal,  Micro¬ 
soft  will  provide  sales 
support  for  Novell’s  SUSE 
Linux,  and  the  two  com¬ 
panies  will  work  together 
to  make  it  easier  for  users 
to  run  both  Windows  and 
Linux  on  their  systems.  But 
it’s  not  so  much  the  deal 
itself  that  speaks  to  Hovse- 
pian’s  leadership.  It’s  what 
went  on  behind  the  scenes 
to  make  it  happen. 

I  met  privately  with 
Hovsepian  last  week  to 
learn  more  about  the  tie-up,  and  I  came 
away  from  the  meeting  with  the  sense 
that  Hovsepian  should  teach  a  course 
on  how  to  deal  with  Microsoft.  The 
syllabus  would  be  divided  into  two 
lessons:  Lesson  One  is  “Start  with  an 
Unimpeachable  Position”;  Lesson  Two 
is  “Never  Buckle  on  the  Big  Stuff.” 

Lesson  One  began  last  May,  when 
Hovsepian  picked  up  the  phone  and 
called  Kevin  Turner,  Microsoft’s  chief 
operating  officer.  Hovsepian  knew 
Turner  from  the  days  when  the  latter 
was  the  CIO  at  Wal-Mart,  and  he  was 
betting  that  Turner  was  still  able  to 
think  like  a  customer. 

“I  said,  ‘Kevin,  I’d  like  to  have  a  con¬ 
versation  about  what  the  customer 
needs,’  ”  Hovsepian  recounted.  “  ‘If  you 
could  put  back  on  your  old  hat  as  a  cus¬ 
tomer,  if  I  came  in  and  started  talking 
to  you  about  virtualization  on  Linux, 
and  this  Microsoft  guy  showed  up  and 
started  talking  to  you  about  virtualiza¬ 
tion  on  Windows,  what  would  you  say 
to  us?’  ” 

Turner’s  response,  Hovsepian  said, 
was  what  one  would  expect  from  an 
ex-IT  executive:  “I’d  want  both  of  those 
things  together.  I  don’t  want  the  fight¬ 


ing;  I  don’t  want  to  deal 
with  it.  I’d  tell  you  two 
guys  to  go  figure  out  how 
to  make  it  work.” 

“Well,  that’s  why  I’m 
calling,”  Hovsepian  told 
him.  “How  do  we  make 
that  work  around  virtual¬ 
ization?” 

“You’re  absolutely  right, 
that  is  how  my  brain 
would  work  as  a  customer,” 
Turner  said,  according  to 
Hovsepian’s  account.  Turn¬ 
er  called  Steve  Ballmer  and 
explained  the  customer  perspective,  and 
“a  week  later  we  were  all  sitting  in  Chica¬ 
go  having  a  discussion  about  virtualiza¬ 
tion,”  Hovsepian  said.  It  was  a  perspec¬ 
tive  and  a  position  that  would  have  been 
awfully  difficult  for  Ballmer  or  anyone 
else  at  Microsoft  to  shoot  down. 

Lesson  Two,  the  one  that  covers  the 


essentials  of  not  caving  in  to  Microsoft, 
was  exemplified  early  in  the  technolo¬ 
gy  collaboration  negotiations.  Accord¬ 
ing  to  Hovsepian,  Microsoft  initially 
took  the  position  that  Linux  could  run 
as  a  guest  operating  system  on  a  Win¬ 
dows  host  but  Windows  would  not  run 
on  a  Linux  host.  “That  was  just  a  non¬ 
starter,”  Hovsepian  said.  “It  had  to  be 
bidirectional  so  the  customer  can  make 
that  decision.”  Hovsepian  stood  firm, 
and  bidirectional  it  is. 

Standing  firm  worked  equally  well 
when,  two  weeks  after  the  agreement 
was  announced,  Ballmer  blindsided 
Hovsepian  by  proclaiming  that  Linux 
customers  have  “an  undisclosed  bal¬ 
ance  sheet  liability”  because  Linux 
“uses  our  intellectual  property.”  When 
Hovsepian  shot  back  with  an  open 
letter  denouncing  those  comments, 
Microsoft  backed  off.  It  issued  a  state¬ 
ment  reaffirming  that  while  Microsoft 
“respectfully”  takes  a  view  on  the  pat¬ 
ent  issue  that’s  different  from  Novell’s, 
a  “patent  covenant  for  customers”  is 
indeed  in  place. 

Novell’s  customers  can  be  thank¬ 
ful  that  it’s  Hovsepian  who’s  teaching 
Handling  Microsoft  101.  If  they  had 
tried  to  take  the  class  last  year,  there 
wouldn’t  have  been  a  qualified  profes¬ 
sor  to  teach  it.  > 


BRUCE  A.  STEWART 


Keeping 
Two  Sets  of 
Books 

NOW  THAT  Christmas 
is  approaching,  most 
of  my  clients  are 
breathing  a  sigh  of  relief. 

The  annual  planning  exercise  and 
budget  process  is  just  about  over. 
Time  to  head  to  the  parties! 

Not  so  fast  —  did  you  do  the  second 
set  of  books? 

Now,  the  compliance  folks  have 
probably  got  you  in  their  sights  for 
even  reading  that,  but  consider  this 
question:  Does  your  budget  tell  you 
anything  useful  about  how  to  make 
changes? 

If  it  is  like  most  of  the  budgets  I 
get  to  see,  the  answer  is  a  resound¬ 
ing  no.  The  budget  doesn’t  tell  you 
enough  about  where 
your  real  budget¬ 
changing  opportu¬ 
nities  lie  —  and  if 
you’re  like  most  of  the 
clients  I  have,  80%  or 
more  of  your  IT  bud¬ 
get  is  tied  up  in  stand¬ 
ing  still  —  just  paying 
salaries,  maintenance 
and  license  fees,  de¬ 
preciation,  and  run¬ 
ning  and  maintaining 
your  applications. 

Less  than  20%  will 
go  toward  doing  any¬ 
thing  for  which  you 
can  get  credit. 

So  build  a  second 
set  of  books.  This  one 
isn’t  going  to  be  organized  by  depart¬ 
ment,  however.  It  will  be  organized 
by  application.  Each  application  is  a 
“group”  unto  itself. 

So,  what  gets  charged  against  an 
application?  Well,  the  infrastructure 
it  runs  on.  Please  resist  the  urge  to 
apportion  slices:  If  it  runs  on  a  server 
(even  if  consolidating  or  virtualizing 
means  it  shares  the  hardware),  that 
application  requires  that  server.  If  it 
runs  on  a  mainframe,  it  runs  on  the 
smallest  mainframe  that  can  support 
it.  Count  everything  —  all  the  licens¬ 
es  required  to  operate  the  machine 
and  all  the  licenses  required  to  oper¬ 
ate  the  application. 


BRUCE  A.  STEWART  is  a 

former  CEO  and  onetime 
senior  vice  president 
and  director  of  executive 
services  at  Meta  Group 
Inc.  He  is  now  an  execu¬ 
tive  adviser  in  Vancouver, 
British  Columbia.  He  can 
be  contacted  at  bruce® 
bastewart.com. 


www.computerworld.com 


OPINION 


December  4, 2906  COMPUTERWORLD 


25 


Yes,  when  you  do  a  second  applica¬ 
tion,  you’ll  double-count  things.  That’s 
OK.  These  are  meant  to  be  “cooked” 
books. 

Also  provide  for  salaries.  Operators 
and  system  managers  are  sold  only  in 
units  of  one;  we  don’t  apportion  these, 
either.  The  more  support  staffers  that 
are  needed  to  keep  the  machine  run¬ 
ning,  the  more  you  add  in. 

Did  you  add  the  disaster  recovery  ca¬ 
pability  for  this  application?  It’s  not  on 
the  recovery  list?  Why  are  you  running 
it  at  all,  if  it’s  not  going  to  be  needed 
later?  Having  the  user  decide  what’s 
worth  paying  for  is  1990s  thinking. 

It’s  either  needed  or  it  isn’t,  and  if  it’s 
needed,  it  needs  to  be  recovered. 

Now  add  in  every  development  tool 
you  used  to  build  the  application  and 
every  tool  you  use  to  test  and  maintain 
it.  Do  you  have  a  dedicated  team  that 
maintains  this  application?  Add  those 
people’s  salaries  in. 

If  you  use  an  outsourcer  that  charges 
you  by  the  application  rather  than  by 
other  units  for  operation  and  mainte¬ 
nance,  you  are  ahead  of  the  game.  Just 
use  the  charges.  Now  sort  your  appli¬ 
cations,  from  the  cheapest  to  own  and 
operate  to  the  most  expensive. 

The  ones  at  the  expensive  end  of  the 
list  are  your  prime  candidates  for  re¬ 
consideration.  Maybe  that  means  retir¬ 
ing  them.  (If  they’re  not  really  needed, 
why  have  them  at  all?)  Maybe  it  means 
replatforming  them  to  an  infrastruc¬ 
ture  that’s  cheaper  to  own.  Maybe  it 
means  rewriting  them. 

These  numbers  aren’t  for  a  business 
case,  but  they  do  tell  you  where  you 
should  put  your  efforts  to  lower  that 
80%  (or  more)  that  goes  into  standing 
still.  Coming  forward  with  a  “let’s  re¬ 
place  wish  list”  is  a  solid  way  to  make 
change  happen.  Just  don’t  show  anyone 
your  second  set  of  books!  > 


MICHAEL  H.  HUGOS 

Radar  for 
The  System 
Builder 

After  years  of  design¬ 
ing  systems  and  run¬ 
ning  projects  to  build 
them,  I  have  settled  on  five 

key  questions  that  I  want  answered  ev¬ 
ery  week  by  each  project  team.  These 
questions  cover  the  full  range  of  things 
that  can  make  or  break  a  project,  which 


means  I  want  to  know  about 
them  right  away. 

Because  I  want  answers 
that  are  clear  and  not  mixed 
in  with  a  lot  of  words  that 
can  be  used  to  obscure, 
mystify  and  spin  the  facts, 
they  are  yes-or-no  ques¬ 
tions.  If  team  leaders  can’t 
(or  won’t)  give  me  clear 
answers,  it  always  means 
trouble.  I’ve  found  that 
the  inability  to  give  me  a 
straightforward  answer 
comes  down  to  one  of  two 
reasons.  Either  the  team 
leader  doesn’t  really  know 
the  answer  because  he’s  not 
in  control  of  the  work  his 
team  is  doing  and  doesn’t 
know  what’s  going  on,  or  he 
does  know  what’s  going  on  but  wants 
to  spin  the  facts  and  only  selectively 
reveal  what’s  really  happening.  The 
second  reason  makes  me  even  more 
nervous  than  the  first  one. 

Human  nature  being  what  it  is, 
people  on  projects  are  often  reluctant 
to  report  bad  news.  After  all,  we’ve  all 
known  managers  who  have  shot  the 


messenger  who  brought 
bad  news.  Because  of  this, 
weekly  project  reports  can 
become  exercises  in  hid¬ 
ing  bad  news  and  playing 
up  (sometimes  imaginary) 
good  news.  The  system 
builder,  that  person  respon¬ 
sible  for  guiding  the  project 
through  to  a  successful 
conclusion,  winds  up  get¬ 
ting  snowed  under  by  a 
blizzard  of  words.  And  then 
the  fog  closes  in,  people  get 
lost,  and  the  project  starts 
to  wander  aimlessly. 

The  following  five  ques¬ 
tions  are  the  radar  I  use  to 
see  through  the  fog: 

1.  Has  the  scope  of  any 
project  task  changed? 

2.  Will  any  major  activity  or  mile¬ 
stone  date  be  missed? 

3.  Does  the  project  team  need  any 
outside  skills  or  expertise? 

4.  Are  there  any  unresolved  techni¬ 
cal  problems? 

5.  Are  there  any  unresolved  user  re¬ 
view  or  approval  problems? 

Whenever  the  answer  to  one  of  those 


questions  is  yes,  the  team  leader  has 
to  follow  up  with  a  short  assessment 
of  the  problem  and  what  he  sees  as  the 
one  or  two  best  options  for  dealing 
with  it.  This  is  important  because  peo¬ 
ple  on  a  project  must  focus  on  answers, 
not  just  problems.  I  don’t  need  a  bunch 
of  highly  paid  team  leaders  to  tell  me 
what  can’t  be  done  or  why  things  won’t 
happen  on  time.  By  telling  me  how  to 
cope  with  the  problems  we’re  facing, 
the  team  leader  and  I  both  have  skin  in 
the  game;  we’ll  figure  something  out. 

To  sail  your  project  safely  through 
the  fog  and  storms  that  inevitably  oc¬ 
cur,  you  need  to  get  these  answers 
every  week  from  every  team  leader  on 
your  project.  If  you  do,  you  will  spot 
trouble  early  enough,  and  you  will 
have  the  time  and  options  for  respond¬ 
ing  effectively.  Don’t  worry  about  the 
good  news;  there  will  be  plenty  of  time 
to  celebrate  that.  It’s  always  the  unde¬ 
tected  bad  news  that  sinks  the  project. 
Turn  on  your  radar.  * 

WANT  OUR  OPINION? 

OMore  columnists  and  links  to  archives  of  previous 
columns  are  on  our  Web  site: 

www.computerworld.com/columns 
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In  HP’s  Defense 

THERE  IS  nothing  unsavory 
about  "feeding  false  informa¬ 
tion  to  a  reporter  as  a  means  of 
smoking  out  her  source"  ["Dribs, 
Drabs  and  Dysfunction,"  Editorial, 
Oct.  2],  Since  the  reporter  was 
willing  to  receive  stolen  (intel¬ 
lectual)  property  (HP  confidential 
information  to  which  she  had  no 
right)  from  the  leaker,  she  is  not 
entitled  to  any  protection.  HP's  ac¬ 
tions  were  no  different  than  using 
an  RFID  tag  to  track  down  stolen 
physical  property. 

Mark  Wallace 
Enterprise  architect, 

Database  Architechs, 

Lake  Forest,  Calif. 

Students  Go  Where 
The  Jobs  Are 

KIDS  TODAY  are  avoiding 
technical  careers  not  be¬ 
cause  the  jobs  are  boring  or  too 
tactical  [“A  Scarcity  of  IT  Talent 
Will  Force  Piracy,"  Computerworld.- 
com,  Oct.  2],  There  are  plenty 
of  smart  young  people  in  this 
country  who  could  be  engineering 
or  computer  science  majors,  but 


all  they  hear  from  parents,  friends, 
neighbors  and  the  media  is  how 
the  technical  jobs  are  being 
offshored.  Why  would  these  kids 
want  to  go  through  fours  years  of 
college,  in  very  difficult  majors, 
only  to  find  that  there  are  no  jobs 
for  them  in  this  country? 

Stop  blaming  the  kids  and  start 
blaming  the  companies  that  have 
shipped  all  their  production  and 
support  offshore.  If  you  want 
more  kids  to  pursue  technical 
careers,  then  make  sure  that 
there  will  be  U.S.  jobs  when  they 
graduate. 

James  Ryder 
Principal  analyst, 

National  Grid  USA, 

Syracuse,  N.Y., 
James.Ryder@us.  ngrid.com 


Predictive  History 

REDICTIVE  ANALYSIS  has 

been  around  for  ages  ["Pre¬ 
dictive  Analytics,"  QuickStudy, 
Oct.  9],  Nine  years  ago,  a  start-up 
called  Trivida  used  it  to  drive  real¬ 
time  recommendations  on  indi¬ 
vidual  and  affiliated  Web  sites  and 
to  determine  demand  at  retailers' 
multisite  outlets.  It  was  impres¬ 


sive  enough  to  attract  the  atten¬ 
tion  of  affiliate  marketer  BeFree, 
which  purchased  the  technology 
(before  being  acquired  itself  by 
ValuClick). 

At  about  the  same  time,  Dyn- 
aptics  used  a  similar  prediction 
engine  to  help  e-commerce  com¬ 
panies  improve  per-visit  revenue. 
And  neither  company  used  the 
generic  data  analysis  that  Amazon 
has  relied  on  for  years  (“Other 
customers  who  bought  X  also 
bought  Y"). 

Peter  Altschuler 
Vice  president,  marketing 
strategy,  Wordsworth  &  Co., 
Santa  Monica,  Calif,  altschuler 
@wordsworthandco.com 


Tool  Was  ‘Just  Write’ 

I  FOUND  WRITELY,  Google’s 
word  processing  offering,  a 
lifesaver  [“Toy  or  Tool?  Google 
Docs  &  Spreadsheets  Reviewed," 
Computerworld.com,  Oct.  13].  As 
a  journalist  covering  a  show  in 
Japan,  I  was  forced  to  use  laptops 
in  the  pressroom  that  lacked  any 
Microsoft  Office  applications.  So, 

I  accessed  Writely,  posted  my 
text  and  saved  it  on  the  site.  Back 


in  my  hotel  room,  I  easily  picked 
up  the  text  and  combined  it  with 
photos  (and  image  processing)  on 
my  own  laptop  and  posted  my  ar¬ 
ticles.  Writely  isn’t  a  replacement 
for  a  dedicated  word  processor, 
but  it’s  a  great  tool  to  keep  in  your 
arsenal. 

Fred  Manteghian 

Torrington,  Conn. 


Long  Live  the  Queen 

YOUR  OCT.  12 Computerworld.- 
com  article  asks,  “Is  the  King’s 
English  Dead?”  Yes  -  for  the  last 
53  years,  in  England  at  least,  it 
has  been  known  as  the  Queen’s 
English. 

Reg  Harford 
Strathroy,  Ontario 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity 
They  should  be  addressed  to  •. 

Eckle,  letters  editor,  Com 
world, PO Box 9171  •  ...  v- Street, 
Framingham,  Mas: .  i  >  /01.  Fax: 
(508)  879-4343.  E-mail:  letters® 
computerworld.com.  Include  an 
address  arid  phone  number  for  im¬ 
mediate  verification. 


MICHAEL  H.  HUGOS  is  a 

principal  in  Effective  Sys¬ 
tems  Inc.  and  a  speaker. 
He  is  a  member  of  the 
2006  Computerworld 
Premier  100  IT  Leaders 
class.  His  books  include 
Essentials  of  Supply  Chain 
Management.  2nd  Edi¬ 
tion  (John  Wiley  &  Sons, 
2006).  He  can  be  reached 
at  mhugos@yahoo.com. 
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Remote  access  is  no  longer  a  perk  for  the  few,  but  a  necessity  for  everyone.  Microsoft®  Exchange 
Server  2007  unifies  e-mail,  v-mail,  and  calendars  into  a  single  system  with  advanced  security  that 
connects  everyone  to  the  information  they  need,  anywhere  they  go.  See  how  companies  are 
giving  more  people  more  access  at  microsoft.com/exchange 


Microsoft’ 

Exchange  Server  2007 


Innovations  by  InterSystems 


Teach  old  applications  new  tricks. 

Chances  are  you  have  users  who  want  your  applications  to  do  new  and  wondrous  things. 

So  you’ve  probably  tried  rewriting  them,  and  know  how  difficult  that  can  be. 

We  have  an  easy  way  to  enhance  applications  without  rewriting  -  adding  functionality  and 
new  user  interfaces,  and  giving  your  applications  the  capability  to  work  together  as  an  ensemble. 

These  impressive  tricks  are  performed  easily  with  Ensemble  -  a  software  innovation 
by  InterSystems  that  enables  you  to  extend  your  applications  with  a  browser-based  user  interface, 
adaptable  workflow,  rules-based  business  processes,  executive  dashboards,  and  more.  In  addition, 
Ensemble  gives  you  the  ability  to  rapidly  connect  people  and  processes. 

We  are  InterSystems,  a  global  software  company  with  a  28-year  track  record  of  innovations 
that  enrich  applications. 


InterSystems 

ENSEMBLE 

Read  case  studies  about  this  exciting  innovation  at  InterSystems.com/Enrich3A 


©  2006  InterSystems  Corporation.  All  rights  reserved.  InterSystems  Ensemble  is  a  registered  trademark  of  InterSystems  Corporation.  11-06  EnsEn3  CoWo 


Microsoft’s  new  Office  suite 


backward  compatibility,  user  training 
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SECURITY  MANAGER’S  JOURNAL 

Stopping  Data  From  Flying  Off  to  Google 

New  desktop  PCs  at  C.J.  Kelly’s  state  agency  come  with  Google  Desktop  installed. 
So,  what  could  be  the  problem  with  such  a  useful  program?  Take  a  look  at  the 
Search  Across  Computers  feature,  which  gives  our  columnist  the  creeps.  PAGE  36 
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OPINION 

Why  Bluetooth  Is  Still  a  Pain 

David  Strom  says  Bluetooth  products  are  sexy,  but  they 
have  some  serious  compatibility  problems  that  can  cause 
headaches  for  corporate  IT  departments.  PAGE  38 


BY  ROBERT 
L.  MITCHELL 


AS  MICROSOFT 
Office  2007 
begins  its  long- 
awaited  rollout, 
Joe  Marshall  is 
ready.  Having 
worked  with 
the  beta  version, 

Marshall,  a  business  systems  analyst 
at  Geiger  Brothers  Inc.,  has  decided  to 
recommend  that  the  400  users  in  the 
Lewiston,  Maine-based  promotional 
nrrwtnft-c  mmmnv  mierate  to  the  of¬ 


fice  productivity  suite 
in  the  first  half  of  2007. 

“I  think  it  will  make 
them  more  productive,’ 
he  says. 

Diane  Pencil  sees  things  differ¬ 
ently.  The  lead  enterprise  architect 
at  Owens  Corning  sees  little  value 
in  upgrading  12,000  desktops  at  the 
Toledo,  Ohio-based  building  materials 
company.  She  says  Office  2007’s  rede¬ 
signed  user  interface,  which  replaces 
the  current  menu  and  toolbar  struc¬ 


ture  with  a  contextual 
Ribbon  bar,  will  re¬ 
quire  face-to-face  and 
online  retraining  and 
is  likely  to  cause  an  increase  in  help 
desk  calls.  Furthermore,  she  doesn’t 
see  a  significant  return  on  investment, 
despite  the  suite’s  many  new  features. 
“The  things  that  are  being  added  to 
Office  aren’t  things  that  we’ve  needed 
for  a  long  time,”  she  says. 

IT  organizations  sizing  up  the  new 
Office  offering  are  weighing  the  ben¬ 


efits  of  a  new  user  interface  and  new 
features  against  concerns  about  train¬ 
ing,  calls  to  the  help  desk,  a  new  Open 
XML  file  structure  and  overall  ROI. 

“We  have  a  new  [user  interface],  new 
file  formats.  This  is  going  to  be  one  of 
the  trickier  migrations,”  says  Michael 
Silver,  an  analyst  at  Gartner  Inc. 

Many  IT  professionals  remain 
skeptical  of  the  bottom-line  benefits, 
according  to  a  survey  of  727  readers  of 
Computerworld  and  “The  Office  Letter,” 
Continued  on  page  34 
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Challenged  with  balancing  efforts  to  support  the  latest  strategic  initiatives  while  still  lowering  operational 
costs?  SAS  takes  you  beyond  traditional  Bl  query  and  reporting  to  a  higher  level  of  shared  decision  making 
that  drives  innovation.  Our  fully  integrated  Enterprise  Intelligence  Platform  sets  the  foundation,  linking 
technologies  for  data  integration  and  storage,  reporting  and  analysis.  Proven  software,  industry-specific 
solutions  and  domain  experience  extend  the  value  of  your  investment.  Bridging  the  gap  between  what  you 
have  -  growing  expectations  to  deliver  a  return  on  investment  -  and  what  you  want  to  achieve  -  increased 
profits,  reduced  risk  and  improved  performance. 
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Regardless  of  the  project  list  -  building  data  warehouses,  consolidating  multiple  databases,  cleansing 
data  in  real  time,  augmenting  operational  data  with  new  information,  or  even  dealing  with  ERP  systems 
-  SAS  helps  you  connect,  cleanse,  consolidate  and  create  value  from  all  your  enterprise  data.  Whether  your 
data  integration  needs  are  stand-alone,  or  you  need  to  seamlessly  integrate  with  our  scalable,  end-to-end 
business  and  analytic  platform. 
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SAS  Intelligence  Storage  ensures  that  business  and  analytic  intelligence  can  be  obtained  quickly,  by  serving 
the  data  through  a  platform  designed  for  rapid  retrieval  and  reporting  without  sacrificing  manageability  and 
operational  integrity.  And  our  integrated,  scalable  storage  architecture  grows  easily  with  your  organization, 
unlike  many  “one-size-fits-all”  platforms. 
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Our  integrated  suite  of  Bl  software  ensures  fast,  easy  access  to  multiple  data  sources,  consistent  and 
credible  reporting,  and  simple  deployment  of  data  across  your  organization.  SAS  eliminates  the  need  to 
maintain  data,  security  and  metadata  in  several  places  and  formats  -  providing  reliable  results  that  can 
be  shared  quickly  to  ensure  that  IT  inspires  business  innovation. 
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SAS"  SOFTWARE  FOR  ANALYTICS 


sis,  ranging  from  experimental  design, 
i  forecasting  to  simulation  and  optimization. 

with  precision,  improve  quality 
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www.sas.com/betteranswers 


Want  proof?  Find  out  why  SAS  is  at  work  in  96  of  the  top  1 00  companies  on  the 


FORTUNE  Global  500"  —  with  customer  retention  rates  exceeding  98%  annually  for  30  years. 
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Continued  from  page  31 
an  electronic  newsletter  for  Office  users. 
Nearly  half  of  the  respondents  (46%) 
said  they  expect  no  change  in  worker 
productivity  with  the  new  suite,  while 
24%  predicted  that  users  will  be  more 
productive  than  they  are  using  earlier 
versions  of  the  applications  suite. 

The  190  survey  respondents  who 
were  hands-on  beta  testers  of  Office 
2007  have  a  brighter  outlook:  43%  said 
they  expect  productivity  to  increase. 

IT  professionals  are  most  optimistic 
about  new  features  in  the  Word,  Excel 
and  Outlook  applications  within  the 
suite.  “With  the  amount  of  e-mail  we 
receive,  being  able  to  search  in  a  quick¬ 
er,  more  intuitive  fashion  is  a  great  ben¬ 
efit.  Outlook  is  where  most  people  will 
gain  the  greatest  benefit,”  says  Michael 
Case,  IT  services  director  at  Manches¬ 
ter  College  in  Manchester,  Ind. 

The  biggest  challenge  to  deploy¬ 
ment?  “The  Ribbon  bar,”  Case  says  flat¬ 
ly,  although  he  predicts  that  once  users 
learn  it,  they’ll  be  more  productive.  To 
familiarize  users  before  a  scheduled 
rollout  to  1,200  of  them  next  summer, 
Case  plans  to  offer  a  combination  of 


.With  all  of  the  changes  in  Office  2007,  Mi¬ 
crosoft,  is  anxious  to  provide  tools  to  make 
the  transition  as  smooth  as  possible.  Here 
are  key  training  and  support  offerings,  as 
well  as  highlights  from  the  Migration  Man¬ 
agement  Technologies  tool  suite. 


si  2007  Office  Resource  Kit:  Tools  to 
support  installation,  customization  and 
maintenance  of  Office  2007. 

at  Microsoft  Office  Migration  Planning 
Manager:  Includes  a  scanning  tool  that 
inventories  Office  document  types  on  client 
PCs  and  servers,  then  flags  potential  file- 
.  compatibility  problems  with  Office  2007. 

s  Microsoft  Office  Compatibility 
Pack:  Allows  Office  2000,  Office  XP  or 
Office  2003  machines  to  support  Office 
2007's  Open  XML  format. 

«  Interactive  command  reference 
guide:  Online  resource  for  mapping  Excel, 
Word  and  PowerPoint  commands  from  Of- 
.  fice  2003  to  Office  2007. 

E-learning  courseware:  Microsoft  of¬ 
fers  12  free  courseware  packages  right  out 
■ '  of  the  gate.  Each  lasts  from  45  minutes  to 
an  hour.  More  courses  are  planned. 

-  ROBERT  L.  MITCHELL 


brown-bag  lunch  sessions,  video  train¬ 
ing  and  in-house  training  programs. 

Pencil  says  Excel’s  new  support  for 
larger  spreadsheets  will  be  useful  to  a 
small  subset  of  users  who  build  “really 
humongous  spreadsheets”  on  a  weekly 
basis  as  part  of  pricing  exercises.  Cur¬ 
rently,  those  analysts  must  use  third- 
party  tools  to  manipulate  that  data. 

Marshall  likes  Word’s  new  live  pre¬ 
views  feature,  which  enables  users 
to  see  how  an  attribute  will  look  on 
selected  text  before  it  is  applied.  And 
he  says  the  pop-up  contextual  Mini 
Toolbar,  which  lets  users  quickly  apply 
commonly  used  attributes  to  selected 
text,  is  a  “slick”  time-saver. 

Rhett  Smith,  principal  at  consultancy 
BioCIO  LLC  in  New  York,  says  that, 
from  a  developer’s  standpoint,  Office 
2007  is  a  big  improvement.  “Developing 
for  previous  versions  is  cumbersome 
and  inconvenient,”  he  says.  “The  devel¬ 
opment  model  for  2007  is  much,  much 
nicer.” 

That’s  a  good  thing,  because  some 
businesses  may  have  to  rewrite  some  of 
their  custom  programming  for  Office 
applications.  Bob  Fink,  IT  manager  at 
Pacific  Scientific  Energetic  Materials  Co. 
(PS/EMC)  in  Chandler,  Ariz.,  says  Ac¬ 
cess  2007  won’t  work  with  Visual  Basic 
6  programs  that  were  designed  to  run 
with  the  database.  The  same  problem 
wasn’t  resolved  in  Office  2003  until  Ser¬ 
vice  Pack  1  arrived.  “Backward  compat¬ 
ibility  is  an  issue,”  Fink  says. 

Migration  Plans 

Only  5%  of  the  surveyed  readers  said 
they’ll  skip  Office  2007.  Most  organiza¬ 
tions  see  migration  as  inevitable.  The 
only  question  is  when.  Timing  depends 
on  issues  such  as  the  total  project  cost 
and  whether  companies  are  still  com¬ 
fortable  with  an  earlier  version  of  Of¬ 
fice.  “A  large  portion  just  recently  com¬ 
pleted  upgrades  to  Office  2003,”  says 
Kyle  McNabb,  an  analyst  at  Forrester 
Research  Inc.  Because  of  that,  he  says 
most  enterprises  don’t  expect  to  move 
to  Office  2007  before  2009. 

Owens  Corning  is  likely  to  migrate 
in  2007,  but  the  timing  has  more  to  do 
with  an  internal  restructuring  than 
with  compelling  benefits.  “We’ll  prob¬ 
ably  put  it  forward  as  one  of  those  proj¬ 
ects  that  will  need  to  be  done,”  Pencil 
says,  but  under  normal  circumstances, 
the  company  would  wait.  “If  I  had  my 
druthers,  we  wouldn’t  be  doing  the  up¬ 
grade  anytime  soon,”  she  says. 

At  PS/EMC,  Fink  plans  to  start  by 
upgrading  a  small  group  rather  than 
all  360  users.  “It  will  be  piecemeal.  If 
it  goes  well,  we’ll  probably  step  up  the 
deployment  a  little,”  he  says,  adding 


Migration  Plans 


Does  your  organization  plan  to  adopt  Office  2007? 

Base:  727  IT  professionals 


37% 


■  In  the  next  six  months:  11% 

■  In  the  next  seven  to  12  months:  11% 

■  In  the  next  13-18  months:  9% 

■  After  18  months:  7% 

Existing  PCs  or  New  Ones? 


Base:  270  IT  professionals  at  organizations 
planning  to  upgrade  to  Office  2007 


NO! 

44% 

i  No  plans  now:  39% 
i  Skipping  this  version:  5% 


Why  Not? 


Already  committed  to 
Office  XP  or  Office  2003 


Software  upgrade  costs 
are  too  great 

Features  aren’t 
sufficiently  compelling 

User  interface  changes  are 
too  dramatic;  training  issues 


Base:  457  IT  professionals  at  organizations 
not  planning  to  upgrade  to  Office  2007 


Training  Plans 


What  type  of  Office  2007  training 
are  you  planning  to  provide? 

Brief  introduction  (no  more  than  one  hour)  |”~ 

Online/printed  resources  from  Microsoft  | 

Online/printed  resources  developed  in-house  | 

Series  of  classes  | 

Full-  or  part-day  instruction  | 

Online/printed  resources  from  third  parties  | 

Don't  know 


No  plans  to  provide  training 

Base:  270  IT  professionals  at  organizations  planning  to  upgrade  to  Office  2007;  multiple  responses  allowed 


that  he  expects  it  to  take  users  a  few 
months  to  become  fully  proficient  with 
the  new  version.  “For  my  users  that 
aren’t  well  versed,  Office  2003  was  a 
shock  to  them,  so  Office  2007  will  be  a 
little  intimidating,”  Fink  says. 

Jacob  Jaffe,  director  of  Microsoft  Of¬ 
fice,  claims  that  the  software  vendor  has 
listened  to  enterprise  users  who  com¬ 
plained  about  insufficient  training  and 
support  during  the  Office  2003  rollout 
and  will  have  more  resources  available 
this  time  around.  The  new  resources 
include  the  Office  Migration  Planning 


Manager,  a  tool  that  can  scan  machines 
for  potential  problems  prior  to  an  up¬ 
grade;  the  IT  Resource  Kit  for  deploy¬ 
ment  planning;  and  a  dozen  e-learning 
courses  that  were  available  online  for 
free  when  the  product  launched  last 
week.  This  time,  resources  will  be  avail¬ 
able  early,  not  12  to  14  months  after  the 
Office  release,  Jaffe  says. 

Good  training  and  support  are  criti¬ 
cal,  because  most  survey  respondents 
said  they  think  it  will  take  days  or 
weeks  for  users  to  become  proficient 
with  Office  2007.  They  said  they  plan 
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to  use  a  mix  of  training  methods  and 
materials  to  get  users  up  to  speed. 
While  36%  expect  training  costs  to 
come  in  under  $100  per  head,  27%  pre¬ 
dict  that  $100  to  $500  is  more  likely. 

Nearly  one  quarter  of  respondents 
(24%)  cited  cost  as  the  major  reason  for 
not  upgrading  to  Office  2007.  Pencil  is 
hoping  to  keep  total  project  costs  under 
$300  per  seat,  including  $75  to  $100  per 
seat  for  technician  time. 

But  licensing  costs  are  another 
consideration.  “Because  more  than  36 
months  have  elapsed  since  Office  2003 
was  released,  some  IT  organizations 
that  signed  up  for  Microsoft’s  Soft¬ 
ware  Assurance  contract  at  that  time 
will  see  their  contracts  expire  without 
including  the  expected  Office  2007  up¬ 
grade,”  says  Gartner’s  Silver.  “In  some 
cases,  they  paid  millions  of  dollars. 
Those  people  are  not  happy.” 

But  Microsoft’s  Jaffe  says  he’s  “not 
hearing  a  lot  of  concern”  about  that. 
Software  Assurance  includes  resources 
for  things  such  as  training  and  deploy¬ 
ment,  but  “there  is  no  guarantee  that 
another  product  will  ship  in  that  time.” 
Office  2007  is  the  version  that  didn’t 
make  that  36-month  window,  and  Jaffe 
says  users  should  consider  the  Office 
2007  development  cycle  “an  anomaly.” 
But,  he  adds,  “that’s  not  a  guarantee  for 
the  next  release.”  Enterprise  costs  for 
software  licenses  are  about  5%  higher 
than  for  Office  2003,  Jaffe  says. 

As  for  ROI,  even  those  who  say 
productivity  will  increase  aren’t  sure 
whether  that  increase  will  be  measur¬ 
able.  Geiger  Brothers’  Marshall  says 
he’s  convinced  that  the  new  interface 
will  allow  users  to  complete  the  same 
tasks  more  quickly  because  they  won’t 
need  to  step  down  through  menus  to 
access  buried  functions.  But  he  ac¬ 
knowledges  that  the  time  savings  will 
be  “hard  to  quantify.”  Owens  Coming’s 
Pencil  says  she  doesn’t  think  it  will 
make  a  difference.  “I  don’t  think  it’s 
such  a  big  deal  to  have  people  click 
down  two  or  three  levels,”  she  says. 

Brent  Eads,  director  of  information 
systems  at  Employee  Technology  Solu¬ 
tions  Inc.  in  Chicago,  says  his  experi¬ 
enced  Office  users  revolted  when  given 
the  Office  2007  beta.  “Most  were  turned 
offby  the  new  user  interface  —  espe¬ 
cially  expert-level  users,”  he  says,  add¬ 
ing  that  Microsoft  should  have  included 
a  “classic”  user  interface.  The  scope  of 
change  in  Office  2007  made  that  less 
feasible,  a  Microsoft  representative  says, 
adding  that  it  does  offer  the  Interactive 
Command  Reference  Guide,  an  e-learn¬ 
ing  program  that  maps  commands  from 
the  old  user  interface  to  the  new  one. 

Microsoft  claims  that  users  could 


REVIEW 


THE  LOWDOWN 


In  a  review  published  on  Computerworld.com, 
freelance  writer  Richard  Ericson  covers  the 
pros  and  cons  of  the  new  features  in  Office 
2007,  as  well  as  the  related  SharePoint  Server. 
The  following  is  a  small  excerpt  from  the  full 
online  review,  which  is  available  at  www. 
computerworld.com/software. 

Keep  in  mind  that 
I  jf  you  move  ,0  0f_ 

fice  2007,  your  training  materials  will 
become  obsolete  (or  unreliable  at  the 
very  least).  Likewise,  the  many  tips  found 
on  Web  sites  and  in  books  and  manuals  will 
be  out  of  date.  That  could  make  for  a  serious 
setback  in  terms  of  training  and  productivity, 
at  least  in  the  short  term.  The  trade-off  will 


•  be  if  users  start  to  find  (and  use)  features 
they  knew  were  in  the  product  but  couldn’t 

•  find  before,  perhaps  lowering  the  cost  of 

•  support.  The  unchangeable  user  interface 

,  also  benefits  your  organization's  help  desk, 

•  since  icons  will  be  consistently  placed  on 
everyone's  desktop  (with  the  exception  of 

•  the  Quick  Access  Toolbar,  of  course). 

If  collaboration  and  file  sharing  are  on  your 
mind,  SharePoint  Server  and  its  integration 

•  with  Office  2007  are  impressive.  That’s  the 
reason  to  upgrade.  SharePoint  installation 

•  is  strictly  for  experienced  IT  pros;  this  isn't  a 

•  program  a  small  or  midsize  business  should 
install  on  its  own.  Once  installed,  however, 

•  the  ability  to  create  dynamic  sites  -  and  for 
users  to  benefit  from  these  tools  and  create 

•  their  own  My  Site  pages  -  is  extraordinary. 

•  Users  can  be  trained  to  work  with  shared 
libraries,  calendars  and  other  content  in  very 

•  little  time.  That's  where  the  payback  lies. 


also  become  more  productive  by  using 
features  that  were  previously  hidden 
and  are  now  exposed,  in  the  right  con¬ 
text,  in  the  Ribbon  bar.  Jaffe  says  that 
80%  of  the  features  that  users  have 
asked  for  are  in  the  version  of  Office 
they  already  own  —  “they  just  don’t 
know  how  to  get  there.”  By  exposing 
those  functions,  Microsoft  hopes  that 
users  will  discover  and  use  them. 

“Microsoft’s  claim  is  that  Office  2007 
makes  it  easier  for  users  to  create 
better-looking  documents  faster,  which 
is  a  laudable  goal,”  says  Silver.  “But  for 
many  IT  departments  I  speak  to,  that’s 
not  one  of  theirs.” 

What  might  interest  IT  is  tighter 
integration  with  Microsoft’s  collabora¬ 
tion  platform,  SharePoint  Server  2007. 


Productivity  Predictions 


Once  users  climb  the  learning  curve,  what 
effect  will  Office  2007  have  on  productivity 
compared  with  their  current  Office  versions? 


Not  currently  Less  pro¬ 
using  Office:  1%  ductive:  5% 

Base:  727  IT  professionals. 

Percentages  don't  add  up  to  100  because  of  rounding. 


Silver  says  most  of  his  corporate  clients 
that  plan  to  move  quickly  to  Office  2007 
cite  SharePoint  as  the  primary  reason. 

“I  like  the  interfaces  with  SharePoint 
2007,”  such  as  synchronization  be¬ 
tween  individual  and  team  calendars, 
says  PS/EMC’s  Fink,  who  is  evaluating 
the  product. 


File  Format  Angst 

The  new  Open  XML  file  format  is  anoth¬ 
er  area  of  concern.  While  the  new  format 
is  open,  more  compact  and  less  likely  to 
be  corrupted  than  Office’s  current  binary 
formats,  Office  2003,  XP  and  2000  users 
will  need  a  compatibility  pack  to  read  the 
format.  Plus,  users  on  older  versions  will 
need  to  use  Explorer  to  convert  files  back 
and  forth.  “We’re  trying  to  do  everything 


Calling  for  Help 


Don  t  know: 
22% 


Support  needs  will 
decrease:  7% 

Base:  270  IT  professionals  at  organizations 
planning  to  upgrade  to  Office  2007. 
Percentages  don't  add  up  to  100  because  of  rounding. 


How  will  Office  2007  affect  the  help  desk, 
compared  with  previous  versions? 
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we  can  to  avoid  the  angst  we  caused  with 
Office  97,”  says  Jaffe. 

Nonetheless,  the  transition  will  be 
challenging.  Jaffe  says  even  organiza¬ 
tions  with  no  plans  to  upgrade  to  Office 
2007  should  download  the  compatibility 
pack,  but  Marshall  isn’t  sure  that  will 
happen.  Geiger  Brothers  exchanges 
documents  with  hundreds  of  vendors. 

“A  lot  is  going  to  depend  on  what  format 
they  will  accept,”  he  says,  but  the  cur¬ 
rent  plan  is  to  use  group  policy  to  force 
all  documents  to  be  saved  in  Office  2003 
format  “so  we  don’t  have  to  deal  with  the 
compatibility  issue  during  deployment.” 

Jaffe  acknowledges  that  the  transition 
to  a  new  format  might  be  difficult.  How¬ 
ever,  he  argues  that  “in  terms  of  where 
customers  want  to  go  in  the  future, 

XML  format  is  the  only  way  we  can  take 
them  there.”  But  for  now,  says  Gartner’s 
Silver,  “the  least-risk  option  is  to  stick 
with  the  binary  formats  for  a  while.” 

Mixed  Environments 

Many  organizations  are  currently  us¬ 
ing  two  or  more  versions  of  Office,  but 
Office  2007  is  such  a  radical  departure 
that  they  may  face  an  even  more  con¬ 
fusing  support  environment.  “Once 
they  start  the  migration,  they  will  want 
to  have  all  users  on  Office  2007  quickly, 
versus  having  a  mix,”  says  Silver. 

“I  would  expect  that  we’ll  see  much 
less  of  the  mixed  environments  go¬ 
ing  forward,”  says  Jaffe.  That  would 
certainly  benefit  Microsoft,  which  has 
been  frustrated  by  how  reluctant  or¬ 
ganizations  are  to  upgrade  their  users 
to  the  newest  versions  of  Office.  But  a 
broad  migration  also  adds  to  the  cost 
—  particularly  if  only  a  small  subset  of 
users  truly  needs  the  new  features. 

Ultimately,  planners  may  discover 
that  Office  2007  is  as  much  a  sales  ef¬ 
fort  as  a  technical  upgrade.  “Many  [IT 
managers]  we’ve  spoken  to  believe  they 
need  to  define  strong  internal  market¬ 
ing  programs  to  communicate  the  val¬ 
ue  of  the  new  client  [to]  the  employee 
population,”  says  Forrester’s  McNabb. 

And  once  users  are  up  and  running. 
Pencil  doesn’t  expect  them  to  take  ad¬ 
vantage  of  productivity-enhancing  new 
features  without  a  push.  “If  you  want 
people  to  use  more  features,  you  have 
to  show  them  how  to  use  them.  It’s  a 
sales  job.  You  really  have  to  bang  the 
drum  all  the  time,  saying,  ‘Office  can  do 
that,  let  me  show  you  how,’  ”  she  says. 

Marshall  acknowledges  that  75% 
of  his  staff  will  continue  to  do  “the 
same  kind  of  work”  once  Office  2007 
is  deployed.  But  he  thinks  Microsoft  is 
going  in  the  right  direction.  “This  is 
what  they  should  have  been  doing  with 
Office  all  along,”  he  says. » 


58  COMPUTERWORLD 


December  4, 2006 


TECHNOLOGY 


www.computerworld.com 


Stopping  Data  From 
Flying  Off  to  Google 


New  desktop  PCs  come  with  Google  Desk¬ 
top  installed.  So,  what  could  be  the  problem 
with  such  a  useful  program?  By  C.J.  Kelly 


My  state  agency’s 
intrusion- 
detection  systems 
were  showing 

some  undesirable  activity  on 
our  network.  Upon  investiga¬ 
tion,  we  found  that  several 
desktop  systems  were  com¬ 
municating  with  Google  via 
Google  Desktop.  I  ran  a  net¬ 
work  security  scan  and  found 
at  least  50  computers  set  up 
to  do  this.  How  was 
that  possible? 

All  50  were  new 
Dell  machines.  I 
called  down  to  the 
lab  where  desktop 
system  images  are 
created.  A  tech  an¬ 
swered,  and  I  asked  him  if  he 
knew  why  Google  Desktop 
was  installed  on  the  new 
systems.  “Yes,”  he  said.  “The 
new  Dell  systems  came  with 
it  installed.  We  thought  it  was 
a  useful  tool,  so  we  included  it 
in  our  standard  image.” 

The  question  that  immedi¬ 
ately  reverberated  in  my  head 
was,  Why  weren’t  the  security 
implications  considered?  What 
I  said  was,  “This  is  a  security 
problem  for  us,  and  we  have  to 
uninstall  it  as  soon  as  possible. 
I’ll  put  together  a  meeting.” 

Problem  Caught  In  Time 

The  good  news  is  that  I  caught 
this  security  lapse  before 
all  agency  desktops  were  re¬ 
placed  in  our  current  system 
refresh.  In  fact,  since  desktops 
are  being  replaced  about  50  at 
a  time,  I  had  caught  it  pretty 
early.  The  realization  that 
the  problem  could  have  been 
worse  cheered  me  up  a  bit. 

Admittedly,  the  person  who 
decided  to  leave  Google  Desk¬ 
top  on  the  new  computers  had 
no  reason  to  suspect  that  the 


program  could  cause  a  serious 
security  vulnerability.  The 
root  of  the  problem  lay  in  our 
quality  assurance  processes. 
And  that  means  that  if  I  was 
going  to  be  irritated  at  anyone, 
it  would  have  to  be  me. 

I  am  in  charge  of  all  IT  proc¬ 
esses  and  had  failed  to  make 
sure  that  we  had  a  certification 
process  for  new  systems.  I  was 
focused  on  auditing  the  envi¬ 
ronment.  And  in  the 
meantime,  I  made 
assumptions  —  one 
of  the  surest  ways  to 
get  myself  into  trou¬ 
ble.  I  assumed  that 
the  image  had  not 
changed.  I  assumed 
it  would  not  change.  I  assumed 
I  would  be  asked  before  some¬ 
one  made  a  change.  No  way 
around  it,  this  was  my  fault. 

Several  staffers  came 
knocking  at  my  door,  having 
heard  about  the  situation  and 
wanting  to  know  why  it  was 
a  big  deal.  I  printed  out  some 
articles  on  Google  Desktop  for 
their  edification.  I  had  filed  in 
my  brain  the  factoid  “Google 
Desktop  =  security  vulnerabil¬ 
ity”  at  least  a  year  ago. 

But  apparently,  my  staffers 
don’t  read  the  security  news. 

I  don’t  want  to  make  them 
do  that;  they  work  hard  as  it 
is.  But  I  wondered  whether  I 
should  put  together  for  them 
highlights  of  the  latest  in  secu- 


If  this 
feature 

were  enabled  by 
default,  there 
would  be  hell  to 
pay. 


rity  vulnerabilities  on  a  weekly 
or  monthly  basis  to  prevent 
this  kind  of  thing  from  hap¬ 
pening  again. 

So,  what  is  the  big  deal 
about  Google  Desktop?  At 
Google’s  desktop.google.com 
site,  it  says,  “Google  Desktop 
gives  you  easy  access  to  infor¬ 
mation  on  your  computer  and 
from  the  Web.  It’s  a  desktop 
search  application  that  pro¬ 
vides  full  text  search  over  your 
e-mail,  files,  music,  photos, 
chats,  Gmail,  Web  pages  that 
you’ve  viewed  and  more.” 

That  all  sounds  pretty  good, 
huh?  But,  read  on: 

“Removing  deleted  files 
from  search  results  —  Some 
users  like  the  fact  that  Google 
Desktop  saves  cached  versions 
of  deleted  files  in  case  they 
need  to  retrieve  them.  But  we 
know  this  isn’t  for  everyone. 
Don’t  want  to  see  deleted  files 
in  your  search  results?  Just  en¬ 
able  the  ‘remove  deleted  items’ 
option  in  your  Desktop  prefer¬ 
ences.” 

It  Gets  Scarier 

In  and  of  itself,  this  isn’t 
scary  (even  though  the  option 
should  be  disabled  by  default 
—  in  Windows,  you  can  always 
retrieve  deleted  files  if  you 
have  the  right  utilities).  So  far, 
we  have  an  application  that  in¬ 
dexes  everything  on  our  users’ 
computers  so  they  can  search 
them  and  find  information 
quickly.  That  is  a  totally  cool 
feature  in  an  age  when  we  are 
inundated  with  so  much  infor¬ 
mation  we  can’t  think  straight. 
But  there’s  more: 

“Search  Across  Computers 
enables  you  to  search  your 
documents  and  viewed  Web 
pages  across  all  your  comput¬ 
ers.  For  example,  you  can 
find  files  you  edited  on  your 
desktop  from  your  laptop.  To 
activate  this  feature,  you  will 
need  a  Google  Account  (the 
same  log-in  you  use  for  Gmail, 
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Orkut  or  other  Google  ser¬ 
vices).  Files  accessed  on  your 
computer  after  you  enable 
Search  Across  Computers  will 
be  searchable  from  your  other 
computers. 

“To  search  your  other  com¬ 
puters,  you  must  also  install 
Google  Desktop  on  them,  as 
well  as  enable  the  Search 
Across  Computers  preference 
using  the  same  Google  Ac¬ 
count  on  each  one. 

“In  order  to  share  your  in¬ 
dexed  files  between  your  com¬ 
puters,  we  securely  transmit 
this  content  to  Google  Desktop 
servers  located  at  Google.  This 
is  necessary,  for  example,  if 
one  of  your  computers  is 
turned  off  or  otherwise  offline 
when  new  or  updated  items 
are  indexed  on  another  of  your 
machines.  We  store  this  data 
temporarily  on  Google  Desk¬ 
top  servers  and  automatically 
delete  older  files,  and  your 
data  is  never  accessible  by 
anyone  doing  a  Google  search.” 

The  italics  are  mine,  al¬ 
though  you  probably  could 
spot  the  security  problem  on 
your  own. 

The  good  news  is  that  this 
feature  isn’t  enabled  by  default. 
If  it  were,  there  would  be  hell 
to  pay.  It  would  allow  our  us¬ 
ers  who  have  Google  Desktop 
and  Gmail  accounts  to  share 
data  across  the  Google  servers 
and  wherever  else  they  hap¬ 
pened  to  log  into  a  computer 
—  and  that  could  include  data 
protected  under  the  Health 
Insurance  Portability  and  Ac¬ 
countability  Act. 

As  it  turns  out,  only  one 
of  our  users  had  a  Gmail  ac¬ 
count,  and  the  Search  Across 
Computers  feature  had  not 
been  enabled.  But  when  I 
think  about  the  thousands  of 
computers  using  this  feature 
and  the  quantity  of  data  being 
cached  by  Google,  I  get  the 
creeps.  ► 


WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real 
security  manager,  “C.J.  Kelly,"  whose  name 
and  employer  have  been  disguised  for 
obvious  reasons.  Contact  her  at  mscjkelly® 
yahoo.com,  or  join  the  discussions  in  our 
security  blogs:  computerworld.com/ 
blogs/security 

To  find  a  complete  archive  of  our  Security 
Manager's  Journals,  go  online  to 

computerworld.com/secjournal 


Parents  Appeal 
Hacking  Expulsions 

The  parents  of  two  high 
school  students  in  York 
County,  Pa.,  are  fighting  the 
expulsion  of  their  sons  for 
allegedly  breaking  into  the 
school  district’s  computer 
system.  The  appeals  filed 
against  the  Central  York 
School  Board  claim  that  the 
school  district  is  violating 
the  boys’  constitutional 
rights  by  expelling  them. 

More  Data  Stolen 

Two  computers  stolen 
from  a  Jeffersonville,  Ind., 
health  center  last  month 
contain  data  that  may 
include  names,  addresses, 
birth  dates.  Social  Security 
numbers,  and  medical  and 
billing  information  for  more 
than  7,500  women.  The 
health  center  has  a  state 
contract  to  manage  the 
Indiana  Breast  and  Cervi¬ 
cal  Cancer  Program.  Both 
the  computers  and  the  hies 
containing  the  information 
are  password-protected. 

wWSSaaWssBIi 

Initiative  to  Tackle 
ID  Governance 

Oracle  Corp.  announced  the 
Identity  Governance  Frame¬ 
work,  an  open  initiative  to 
improve  the  management 
and  protection  of  identity 
data  as  it  flows  across  ap¬ 
plications.  Several  vendors 
have  already  reviewed  a 
draft  of  the  framework  and 
plan  to  help  develop  full 
specifications. 

Firm  Faces  Fine  for 
Software  Glitch 

A  British  company  may 
face  a  fine  of  nearly  $2 
million  after  a  software 
problem  caused  the  London 
Underground  to  shut  down 
during  rush  hour  last  month. 
New  software  uploaded  by 
Metronet  Rail  over  a  week¬ 
end  contained  a  revised 
timetable,  causing  delays 
that  lasted  a  week. 


If  you  buy  a  storage  system  now,  why  not  choose  one  that  can  also 
address  your  data  needs  later?  Take  the  IBM  System  Storage™  DS4200 
Express.  It  scales  from  1TB  to  56TB  and  anywhere  in  between1  - 
more  than  some  of  its  biggest  competitors.2  It’s  also  more  compatible 
with  more  operating  systems,  giving  you  a  simple  and  cost-effective 
way  to  grow.3  Because  with  IBM,  innovation  comes  standard. 


SCALES  FROM  GOT-IT-COVERED  TODAY 
TO  WE-CAN-HANDLE-IT  TOMORROW. 


IBM  System  Storage  DS4200  Express 


An  easy-to-use  disk  system  for  managing  your  growing  data  needs, 
with  a  comprehensive  hardware/software  3-year  limited  warranty4 


Industry-standard  19"  rack 

Scales  from  1TB  to  56TB,  helping  to  protect  your  investment  as  you  grow 
Heterogeneous  OS  support  -  no  other  midrange  disk  storage  product  is  more  compatible 
Supports  unique  4  Gbps  interface;5  500GB  SATA  II  hard  disk  drives1 
Fibre  Channel  Switched  (FC-SW)  and  Fibre  Channel  Arbitrated  Loop  (FC-AL)  standard 
Complimentary  installation  and  configuration  courseware  CD 

From  $11,474*  or  $297/month6 


’Price  dqes  not  include  hard  drives.  A  minimum  of  two  hard  drives  is  required.  All  prices  are  IBM's  estimated  retail  selling  prices  as  of  October  4,  2006  Prices 
may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document  was 
developed  for  offerings  in  the  United  States.  ISM  may  not  offer  the  products,  features  or  services  discussed  in  this  document  in  other  countries.  Prices  subject  to 
change  without  notice.  Contact  your  IBM  representative  or  iBM  Business  Pariner  for  the  most  current  pricing  in  your  geography,  1:  Denotes  raw  storage  capacity;  usable 
storage  capacity  may  be  less  than  stated.  Capacity  stated  in  uncompressed  mode  followed  by  capacity  using  data  compression  technology.  2.  Compared  to  EMC 
CLARiiON  CX300  and  HP  StorageWorks  MSA  1000.  3.  Compared  to  HP  SlorageWorks  MSA  1000,  HP  StorageWorks  MSA  1500  and  EMC/Del!  AX150.  4  IBM 
hardware  products  are  manufactured  from  new  parts,  or  new  and  serviceable  used  parts.  Regardless,  our  warranty  terms  apply.  Telephone  support  may  be  subject  to 
additional  charges.  For  on-site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  belore  sending  a  technician.  On-site  warranty  is  available  only 
for  selected  components.  5.  As  compared  to  other  major  storage  vendors.  6.  IBM  Global  Financing  offerings  are  provided  through  IBM  Credit  ILC  in  the  United  Slates 
and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  for  planning  purposes  only 
and  may  vary  based  on  your  credit  and  other  factors.  Lease  offer  provided  is  based  on  an  FMV  lease  of  36  monthly  payments.  Oilier  restrictions  may  apply.  Rales  and 
offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  IBM,  ihe  IBM  logo  and  System  Storage  are  trademarks  or  registered  trademarks  ot  International 
Business  Machines  Corporation  in  Ihe  United  Slates  and/or  other  countries  Other  company,  product  and  service  names  may  be  trademarks  or  seivice  marks  ot  others. 
©  2006  IBM  Corporation.  All  rights  reserved. 


WHY  WAIT? 

PAY  $0  FOR  THE  NEXT  3  MONTHS. 

Get  the  DS4200  Express  now 
and  defer  payment  for  the 
next  3  months. 


Ibm.com/ 

systems/innovate70 


1  866-872-3902 

I  mention  104CE47A 
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Unisys  Unleashes 
Dual-Core  Servers 

■  Unisys  Corp.  last  month 
expanded  its  ES7000/0ne 
enterprise  server  line  with  new, 
less  expensive  models  that  are 
built  with  Intel  dual-core  Xeon 
processors.  The  new  models, 
previously  code-named  Tulsa, 
are  the  7110M,  7120M  and 
7140M.  Unisys  said  prices  are  up 
to  35%  lower  than  those  of  ex¬ 
isting  models  in  this  line.  Pricing 
ranges  from  $29,000  for  a  four- 
processor  system  to  $350,000 
for  a  32-processor  system.  The 
systems  are  available  now. 


Appliance  Finds 
Risky  Messages 

■  InBoxer  Inc.  in  Concord,  Mass., 
last  week  announced  the  InBoxer 
Anti-Risk  Appliance  to  help 
companies  quickly  identify  risky 
e-mail  messages.  The  appliance 
can  also  monitor  e-mail  traffic  to 
ensure  compliance  with  govern¬ 
ment  regulations  and  laws  such 
as  the  Sarbanes-Oxley  Act.  The 
Presearch  software  in  the  ap¬ 
pliance  analyzes  each  message 
for  70  of  the  most  common  risks 
and  for  additional  criteria  de¬ 
fined  by  the  user,  the  vendor  said. 
The  appliance  can  also  be  used 
to  find  messages  connected  to 
investigations  into  reports  of 
identity  theft,  harassment  or 
privacy  breaches.  Available  now, 
the  combined  software  and  hard¬ 
ware  appliance  starts  at  $5,000. 


Kyocera  Unveils 
Color  Printers 

■  Kyocera  Mita  America  Inc. 
last  week  announced  two  high- 
capacity,  workgroup  color  print¬ 
ers  with  features  designed  for 
corporate  users.  The  FS-C5015N 
printer,  which  retails  for  $1,270, 
and  the  F3-C5025N  printer, 
which  retails  for  $2,013,  each 
have  an  Ethernet  interface,  a 
500-sheet  paper  drawer  and  a 
100-sheet  tray  for  multiple  paper 
formats.  Both  devices  feature 
600-dpi  image  quality,  have  a 
standard  print  memory  of  128MB 
and  can  be  configured  with  an 
optional  40GB  hard  disk  drive, 
the  vendor  said. 
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DAVID  STROM 

Why  Bluetooth 
Is  Still  a  Pain 


BLUETOOTH  products  have  a  certain  cachet. 
They’re  sexy  and  smart-looking,  they’re 
small,  and  they  can  be  fun  to  use.  But  sup¬ 
porting  them  from  an  enterprise  IT  perspec¬ 
tive  can  be  a  real  toothache  and  may  require 
some  significant  extractions,  or  at  least  careful  planning. 


Bluetooth  is  short-range 
wireless,  meaning  it  covers 
a  range  of  about  25  feet.  Its 
most  popular  implementa¬ 
tion  has  been  in  hands-free 
headsets  for  cell  phones, 
and  indeed  there  are  doz¬ 
ens  of  models  to  choose 
from,  some  of  which  are 
quite  good.  But  if  you  want 
to  do  more  than  have  a  cute 
headset  for  your  cell  phone 
users,  you’ll  quickly  find 
that  there  is  no  real  stan¬ 
dard.  Sure,  there  are  plenty 
of  phrases  that  look  like  standards.  Just 
take  a  look  at  this  acronym  soup: 

■  A2DP  (Advanced  Audio  Distribu¬ 
tion  Profile) 

■  AVRCP  (Audio/Video  Remote 
Control  Profile) 

■  BIP  (Basic  Imaging  Profile) 

■  OPP  (Object  Push  Profile) 

■  HSP  (Headset  Profile) 

■  HFP  (Hands-Free  Profile) 

■  GOEP  (Generic  Object  Exchange 
Profile) 

The  problem  is  that  not  every  Blue¬ 
tooth  product  supports  every  profile. 
Moreover,  some  of  them  —  like  A2DP, 
which  is  used  to  send  stereo  sound  to 
a  headset  —  are  still  being  worked  on 
and  are  particularly  problematic. 

And  that’s  just  the  start  of  how  hairy 
Bluetooth  is.  Some  Bluetooth  USB 
dongles  —  not  to  mention  the  built-in 
Bluetooth  support  in  desktops  and 
laptops  —  don’t  support  all  the  various 
profiles,  so  you  could  have  a  Bluetooth 
keyboard  that  doesn’t  talk  to  your 
PC  but  a  headset  that  does,  with  the 
same  dongle.  Or  you  have  a  Bluetooth 


keyboard  that  installs 
software  that  gets  in  the 
way  of  a  Bluetooth  headset 
because  the  two  devices 
support  different  profiles. 
This  isn’t  yet  a  consumer- 
friendly  place  to  be,  let 
alone  an  enterprise-IT- 
friendly  place. 

The  next  challenge 
comes  when  you  pair 
the  same  Bluetooth  part 
with  multiple  devices, 
such  as  cell  phones  and 
computers,  or  you  want 
to  do  more  than  have  a  remote  head¬ 
set.  Then  you  have  to  rely  on  the  PC 
makers’  different  implementations 
of  Bluetooth  protocol  support.  On 
my  year-old  Dell  laptop,  the  built-in 
Bluetooth  adapter  was  almost  worth¬ 
less  and  could  barely  connect  with 
anything.  After  looking  at  more  than  a 
dozen  products,  I  found  that  many  of 
them  worked  fine  as  long  as  I  used  the 
Bluetooth  USB  dongle  that  came  with 
each  product. 

When  I  installed  several  different 
dongles  on  my  PC  —  which  you  might 
want  to  do  when  testing  a  bunch  of 
different  products  —  the  computer 
would  get  confused  because  the  differ¬ 
ent  Bluetooth  support  services  step  on 
one  another.  The  support  services  also 
bury  themselves  deep  in  the  Windows 
registry,  which  means  getting  rid  of 
them  would  require  difficult  surgery  in 
the  registry,  so  I  ended  up  reimaging 
my  PC  to  restore  it  to  its  pristine  state. 

This  isn’t  yet  for  the  general  user, 
since  the  words  “reimage  your  drive” 
may  strike  fear  into  their  hearts.  I  rec¬ 


DAVID  STROM  is  a  writer, 
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ommend  that  you  find  a  USB  dongle 
that  will  support  the  widest  collection 
of  devices  and  stick  with  it  as  your  cor¬ 
porate  standard. 

On  some  products,  I  tried  four  or 
five  USB  adapters  that  weren’t  recog¬ 
nized.  A  Lexmark  P450  photo  printer 
didn’t  even  recognize  one  that  was  on 
the  manufacturer’s  recommended  list. 
It  was  using  a  different  firmware  ver¬ 
sion,  I  guess.  But  I  shouldn’t  have  to 
guess,  and  neither  should  your  users. 

The  third  problem  with  Bluetooth 
has  to  do  with  the  miserable  support 
for  it  in  Microsoft’s  Windows  XP.  And 
the  situation  isn’t  much  better  with 
Mac  OS  and  Linux.  Many  laptop  mak¬ 
ers  have  substituted  support  software 
from  Widcomm/Broadcom  or  others 
because  the  built-in  stack  from  Micro¬ 
soft  does  so  little  and  supports  so  few 
Bluetooth  products. 

So  an  obvious  step  here  is  to  careful¬ 
ly  test  the  various  stacks  and  settle  on 
one  that  you  can  deploy  corporatewide. 
Some  stacks  come  with  USB  dongles, 
so  again,  standardizing  on  the  right 
combination  can  really  help  reduce 
your  support  burden. 

You’ll  have  to  experiment  with 
various  combinations  of  stacks,  don¬ 
gles  and  Bluetooth  devices  until  you 
find  the  right  mix. 

In  many  respects,  the  state  of  Blue¬ 
tooth  today  is  akin  to  where  Ethernet 
was  back  in  1990  or  Wi-Fi  around  1992: 
a  series  of  incompatible  technologies, 
poorly  adopted  protocols  and  different 
implementations  that  will  conflict  with 
one  another  when  more  than  one  thing 
is  installed  on  the  same  PC. 

I  don’t  want  to  paint  all  Bluetooth 
products  with  the  same  brush;  there 
are  some  great  products  out  there.  I 
just  don’t  want  to  have  to  reimage  my 
drive  when  I  want  to  switch  between 
them.  » 


WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives  go  to: 

www.computenvorld.com/columns 
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IT  MENTOR 

Talking  the  Walk 

If  you  want  to  speak  the  language  of  business, 
says  Tom  Bugnitz,  talk  about  the  services 
IT  provides  to  the  company  rather  than  the 
activities  it  executes  to  provide  those  ser¬ 
vices.  Here’s  how  it’s  done.  PAGE  42 


OPINION 

Expectations  and  Violations 

When  things  go  wrong  on  a  project,  people  look  to 
problems  with  products  and  processes.  But  that’s 
seldom  where  the  real  difficulties  lie,  says  Paul  Glen. 
At  the  first  sign  of  trouble,  look  for  strained  rela¬ 
tionships.  PAGE  44 


The  role  of  the 
information 
security 
professional, 
like  the  risks  it 
seeks  to  mitigat 
is  continually 
evolving. 

By  Mary  K.  Pral 


RIAN  haddock,  Patricia 
Myers  and  Marjan  Rajabi 
started  their  careers  in  very 
different  places:  Haddock 
repossessed  cars,  Myers 
worked  in  banking,  and  Rajabi  was  an 
electrical  engineer.  Now,  however,  they 
share  a  common  link:  They’re  all  infor¬ 
mation  security  professionals. 

Such  a  diversity  of  backgrounds 
might  seem  odd,  but  this  emerging  field 
is  attracting  a  variety  of  workers  who 
are  drawing  on  their  prior  business  ex¬ 
perience  —  whatever  it  might  be  —  to 
develop  the  kind  of  technological  safe¬ 
guards  and  corporate  policies  that  keep 
companies’  information  assets  secure. 

Through  self-directed  study  and  on- 
the-job  learning,  Haddock,  Myers  and 
Rajabi  each  earned  a  certification  that 
indicates  both  broad  knowledge  and 
practical  experience  as  an  information 
security  professional.  But  while  many 
have  taken  that  path  in  the  recent  past, 
the  profession’s  maturation  is  raising 
the  bar  on  job  requirements  in  the  field. 
Hiring  managers  say  they  still  want  to 
see  certification,  but  they  also  look  for 
an  IT  degree  —  ideally  one  focusing  on 


information  security  —  as  well  as  busi¬ 
ness  acumen. 

“There  are  great  security  people  who 
didn’t  come  in  with  a  degree,  and  I 
don’t  take  someone  out  of  consideration 
if  they  don’t  have  a  degree.  But  we’re 
starting  to  see  much  more  emphasis  on 
professional  training  and  college,”  says 
Jim  Molini,  who  holds  a  CISSP  designa¬ 
tion  (see  box,  page  40).  Molini  is  deputy 
program  manager  for  enterprise  servic¬ 
es  at  The  Mitre  Corp.,  a  not-for-profit 
government  contractor  with  headquar¬ 
ters  in  Bedford,  Mass.,  and  McLean,  Va. 


These  changing  standards  don’t 
come  as  a  surprise  to  industry  leaders 
such  as  Myers,  who  holds  the  CISSP- 
ISSMP  certification  and  is  chairperson 
of  the  (ISC)2  board  of  directors  and  the 
information  security  manager  at  a  large 
specialty  retailer. 

The  nonprofit  (ISC)2,  or  International 
Information  Systems  Security  Certifi¬ 
cation  Consortium,  has  certified  more 
than  42,000  information  security  pro¬ 
fessionals  in  110  countries.  The  17-year- 
old  organization  issues  the  CISSP  and 
several  related  designations. 


In  1986,  Myers  was  working  in  the 
finance  division  of  a  bank  when  she 
was  tapped  to  develop  an  information 
security  program.  She  joined  the  Infor¬ 
mation  Systems  Security  Association 
(ISSA),  took  security-related  classes 
and  reached  out  to  colleagues  doing 
similar  work.  “At  that  time,  there  were 
no  colleges  and  universities  that  were 
offering  courses,”  Myers  says.  “\’ou 
learned  by  taking  [noncollege]  courses, 
finding  a  good  support  group  of  people 
who  already  knew  the  business  and 
attending  special  conferences.” 
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»hat  a  CISSP  Knows 

(S3C)2  issues  the  Certified  Information 
Systems  Security  Professional  based 
on  knowledge  in  the  following  10 
domains: 

a  Access  control 
a  Application  security 

fi  Business  continuity  and  disaster  recovery 
planning 

■  Cryptography 

■  Information  security  and  risk  management 
b  Legai,  regulations,  compliance  and 

investigations 

■  Operations  security 

■  Physical  (environmental)  security 

■  Security  architecture  and  design 

■  Telecommunications  and  network  security 


What  It  Takes 

It  takes  more  than  certification  or  a  col¬ 
lege  degree  to  be  a  successful  informa¬ 
tion  security  professional.  Here  are  some 
other  typical  requirements,  according  to 
those  in  the  field: 

■  A  skeleton-free  closet.  No  felonies  or  convic¬ 
tions  on  charges  that  could  be  considered  a 
breach  of  trust,  and  particularly  no  history  of 
hacking  or  other  computer  crimes. 

■  An  analytical  mind  that  can  recognize  and 
rate  risks  and  threats. 

■  A  solid  understanding  of  IT. 

■  A  well-rounded  knowledge  of  business 
processes. 

■  The  ability  to  negotiate,  sell  your  ideas  on 
security  and  get  people  on  board. 

■  A  passion  for  security. 

■  A  can-do  attitude. 


Security’s 
Alphabet  Soup 

What  do  all  those  letters  mean?  Here  are 
some  certifications  in  the  information 
security  field: 

CISSP:  Certified  Information  Systems  Security 
Professional 

S3SAP:  Information  Systems  Security 
Architecture  Professional 

ISSMP:  Information  Systems  Security 
Management  Professional 

<S3EP:  Information  Systems  Security 
Engineering  Professional 

CAP:  Certification  and  Accreditation 
Professional 

SSCP:  Systems  Security  Certified  Practitioner 

CPTS:  Certified  Penetration  Testing 
Specialist 

CPTE:  Certified  Penetration  Testing  Expert 
:  A:  Certified  Information  Systems  Auditor 

iSM:  Certified  Information  Security  Manager 
-  MARY  K.  PRATT 
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Today,  however,  Myers  says  compa¬ 
nies  are  increasingly  looking  for  profes¬ 
sionals  who  have  more  formal  training 
and  experience  in  information  security 
—  a  trend  that  follows  the  rise  of  repu¬ 
table  training  and  academic  programs 
such  as  those  offered  by  (ISC)2  and 
some  colleges.  She  points  out  that  some 
schools  are  now  even  offering  doctoral 
degrees  in  “information  assurance.” 

These  evolving  standards  correspond 
to  the  broadening  responsibilities  of  in¬ 
formation  security  professionals,  says 
Bill  Hodge,  who  holds  the  CISA  and 
CISSP  certifications  and  is  the  owner 
of  W.L.  Hodge  Consulting  LLC,  a  Knox¬ 
ville,  Tenn.-based  firm  focusing  on 
information  systems  governance.  “We 
define  who  or  what  has  access  to  what 
information  when,”  Hodge  says. 

Information  security  professionals 
once  installed  firewalls,  password  pro¬ 
tections  and  encryption  programs;  now 
they  manage  them.  But  they  also  have 
to  deal  with  the  complex  applications 
that  help  companies  comply  with  a 
growing  list  of  federal  and  state  regula¬ 
tions  aimed  at  protecting  sensitive  data. 
These  regulations  include  the  Gramm- 
Leach-Bliley  Act,  the  Health  Insurance 
Portability  and  Accountability  Act  and 
the  Sarbanes-Oxley  Act. 

“That’s  absolutely  driving  the  need 
for  these  professionals,”  says  Audrey 
Pantas,  chief  information  risk  officer 
at  Xerox  Corp. 


Winding  Roads 

Hodge  got  into  information 
security  through  his  work 
as  an  accountant,  drawing 
on  the  IT  experience  he  had 
gained  as  a  help  desk  worker 
in  college.  He  says  didn’t  like  tax  work 
but  enjoyed  developing  software.  So 
he  was  happy  when  he  landed  a  job  at 
PricewaterhouseCoopers  doing  IT  au¬ 
dits,  where  he  examined  the  controls  in 
companies’  information  systems.  That 
led  to  looking  at  systems  overall,  giv¬ 
ing  him  experience  in  the  10  domains 
required  for  CISSP  certification. 

Hodge  says  holding  the  certification 
is  crucial.  “If  you  want  to  be  in  the  in¬ 
dustry,  it’s  great  to  have  a  level  of  expe¬ 
rience.  But  to  prove  you  have  the  level 
of  knowledge,  you  have  to  have  the 
certification,”  he  says.  Hodge  earned 
his  CISSP  designation  in  2005. 

Brian  Haddock,  CISSP,  a  security  en¬ 
gineer  at  Magellan  Health  Services  Inc. 
in  Avon,  Conn.,  agrees.  With  so  many 
people  coming  into  the  profession  from 
other  fields,  certification  shows  that 
you  have  enough  education  and  experi¬ 
ence  to  do  the  job,  he  says. 

Haddock  repossessed  cars  and 


worked  as  a  private  investigator  before 
getting  into  IT  in  1997,  when  he  took  an 
entry-level  technical  position.  Draw¬ 
ing  on  his  prior  experience  as  a  PI,  he 
immediately  foresaw  that  companies 
would  need  security  people. 

“At  the  time,  many  companies  were 
coming  online  and  using  communica¬ 
tion  technologies  for  their  business,” 
Haddock  says.  “I  knew  it  was  a  matter 
of  time  before  these  businesses  would 
have  to  learn  to  use  this  technology  in  a 
secure  manner.  I  knew  that’s  where  my 
niche  would  be.” 

He  educated  himself,  grilling  col¬ 
leagues  for  lessons  on  IT  systems,  the 
Internet  and  security.  He  practiced  his 
emerging  skills  on  his  home  network, 
and  he  took  a  CISSP  certification  prep 
course  at  Georgetown  University. 

Despite  all  that,  Haddock  says  he 
still  felt  he  needed  actual  certification 
to  verify  all  that  he  had  learned,  so  he 


I  knew  it  was  a 
matter  of  time 
before  these  business¬ 
es  would  have  to  learn 
to  use  this  technology 
in  a  secure  manner.  I 
knew  that’s  where  my 
niche  would  be. 


BRIAN  HADDOCK,  SECURITY  ENGINEER, 
MAGELLAN  HEALTH  SERVICES  INC. 


earned  it  in  2003.  He  says  he  expects 
future  information  security  profession¬ 
als  to  have  even  stronger  credentials. 

“Going  forward,  I  don’t  know  how 
you’re  going  to  get  into  information 
security  without  a  college  degree  and 
an  understanding  of  business,”  says 
Haddock,  who  adds  that  he’s  enrolling 
in  college-level  business  classes  to  beef 
up  that  area  of  his  resume. 

Pantas  agrees  that  information  se¬ 
curity  experts  need  strong  technical 
skills  and  business  knowledge  as  well 
as  degrees  and  certifications.  She  start¬ 
ed  her  career  as  a  programmer,  moving 
up  through  the  IT  ranks  as  she  earned 
a  bachelor’s  degree  in  organizational 
management  and  an  MBA.  She  worked 
on  Xerox’s  disaster  recovery  plan  after 
the  Sept.  11  attacks,  a  role  that  helped 
her  land  her  current  job  in  2003. 

As  much  experience  as  she  has, 
though,  Pantas  says  she  wants  to  earn 
CISSP  certification.  “Certification  in 
itself  is  valuable,”  she  says,  explaining 
that  the  CISSP  designation  proves  that 
the  holder  has  obtained  the  required 


experience  and  expertise.  Plus,  security 
professionals  are  required  to  continue 
learning  in  order  to  hold  on  to  the  cer¬ 
tification,  a  point  not  lost  on  executives. 

Despite  that,  Pantas  says  she  doesn’t 
make  certification  a  requirement  for 
job  applicants  —  though  she  does  pre¬ 
fer  it.  If  they’ve  got  the  right  IT  back¬ 
ground  and  business  skills,  she  says, 
“it’s  easier  to  teach  them  the  security.” 

Tougher  Requirements 

ut  some  see  the  door  closing 
for  noncertified  candidates. 
Companies  that  once  hired  in- 
formation  security  profession- 
WEW  als  who  didn’t  hold  degrees 
or  certifications  are  now  emphasizing 
or  even  requiring  certification.  “When 
I  see  a  certification,  I  see  they’ve  really 
gone  a  few  steps  beyond  what  others  in 
the  profession  might  have  done,”  says 
Mitre’s  Molini.  Employers  are  also  in¬ 
creasingly  seeking  people  with  college 
degrees  or  concentrations  in  informa¬ 
tion  security. 

In  response,  DeVry  University’s 
Keller  Graduate  School  of  Management 
offers  an  MBA  with  concentrations  in 
security  management  and  information 
security,  as  well  as  a  graduate  certifi¬ 
cate  in  information  security.  Likewise, 
Colorado  Technical  University  has  a 
master’s  in  management  with  an  infor¬ 
mation  systems  security  concentration. 
And  Iowa  State  University  offers  a 
master’s  in  information  assurance. 

Such  education  and  training  are  re¬ 
quired  on  top  of  standard  IT  skills  to 
land  a  job  today.  Candidates  must  have 
solid  IT  abilities,  business  acumen  and 
interpersonal  skills,  such  as  the  ability 
to  communicate  and  negotiate. 

And  there’s  more.  “It’s  a  mind-set,” 
says  Rajabi,  the  electrical  engineer 
who  now  holds  a  CISSP  and  is  IT  risk 
management  and  security  service 
manager  at  Farmers  Insurance  Group 
of  Companies.  “It’s  understanding  that 
security  has  to  be  adequate  and  rea¬ 
sonable;  you  have  to  value  security  but 
understand  your  risks  and  not  be  too 
paranoid.” 

“There  will  be  a  strong  demand  for 
people  who  have  the  education,  the 
experience,  the  certification  and  show 
true  professionalism,”  says  Dorsey 
Morrow,  CISSP,  ISSMP  and  director  of 
legal  services  at  (ISC)2. 

It’s  a  tall  order,  but  the  payoff  is  big. 
Several  information  security  profes¬ 
sionals  confirm  that  salaries  in  the  field 
can  easily  exceed  $100,000  annually.  * 


Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her  at 
marykpratt@verizon.  net. 


By  2010,  the  increase  in  expense  to  power  and  cool  servers  is  projected  to  be  approximately  four  times  the 
increase  in  new  server  spending.1  The  IBM  System  x3655  Express  can  help  control  rising  energy  costs  starting 
today.  How?  It  comes  with  an  ingenious  technology  called  PowerExecutive™  which  allows  you  to  allocate 
power  to  each  server,  helping  to  optimize  and  save  you  money.2  Only  IBM  has  it.  The  x3655  is  just  one  of 
many  Express  systems  designed  for  business  performance  computing.  With  IBM,  innovation  comes  standard. 
So  why  waste  energy  on  anything  else? 


AUTOMATICALLY  PUTS 
YOUR  BUSINESS  INTO 
ENERGY-SAVING  MODE. 


IBM  System  x3655  Express 

Mission-critical  availability  and  performance  in  an  affordable  package. 


Monitor  power  consumption  and  allocate  power  where  needed  with  PowerExecutive 

64GB  maximum  low-power  DDR2  memory _ 

Choose  flexibility  and  robust  I/O  configuration  with  IBM  extended  I/O _ 

Featuring  the  Next-Generation  AMD  Opteron™  processor  with  AMD  PowerNow!™  technology 
Limited  warranty:  3  years  on-site3 

From  $2,359*  or  $61/month4 


AMDn 


Opteron 


*A||  prices  are  IBM's  estimated  retail  selling  prices  as  ot  October  3, 2006.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end 
users  may  vary.  Producls  are  subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  Slates  IBM  may  nol  otter  the  products,  features  or  services 
discussed  In  this  documenl  In  other  countries.  Prices  subject  io  change  without  notice.  Starting  price  may  not  include  a  hard  drive,  operating  system  or  other  features. 
Contact  your  IBM  representative  or  IBM  Business  Partner  tor  Ihe  most  current  pricing  in  your  geography  1.  Based  on  "IDC.  'The  Impact  ot  Power  arid  Cooling  on  Dala 
Center  Infrastructure,'  Document  #201722,  May  2006:  page  six,  which  highlights  that  a  rapidly  rising  servet-instelled  base  is  projected  to  drive  an  increase  in  the  cos!  ol 
power  arid  cooling  over  the  next  five  years.  2.  PowerExecutive  can  help  save  power  during  periods  o(  lower  utilization.  3.  IBM  hardware  products  are  manufactured  torn 
new  pails,  or  new  and  serviceable  used  parts.  Regardless,  our  warranty  terms  apply.  Telephone  support  may  be  subject  to  additional  charges.  For  ori-sile  labor.  IBM  will 
attempt  to  diagnose  and  resolve  Ihe  problem  remotely  before  sending  a  technician  Oil-site  warranty  is  available  only  loi  selected  components.  4.  IBM  Global  Financing 
offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  lo  Qualified  commercial  and  government  customers 
Monthly  payments  provided  are  tor  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  (actors.  Lease  offer  provided  is  based  on  a  FMV  lease  of  36  monthly 
payments.  Other  restrictions  may  apply.  Rates  and  otterings  are  subject  to  change,  extension  or  withdrawal  without  notice.  Information  about  non-IBM  products  is  obtained 
from  the  manufacturers  of  those  products  or  their  published  announcements.  IBM  has  not  tested  those  products  and  cannot  confirm  the  performance,  compatibility  or  any 
other  claims  related  to  non-IBM  products.  Questions  on  the  capabilities  of  non-IBM  products  should  be  addressed  lo  the  suppliers  of  those  products.  IBM,  the  IBM  logo 
and  PowerExecutive  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries  AMD,  the  AMD 
logo!  AMD  Opteron  and  AMD  PowerNow!  are  trademarks  oi  Advanced  Micro  Devices,  Inc.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks 
of  others.  ©2006  IBM  Corporation  All  fights  reserved. 


WHY  WAIT? 

PAY  $0  FOR  THE  NEXT  3  MONTHS. 

Get  the  System  x3655  Express 
now  end  defer  payment  for  the 
next  3  months. 

Learn  more  at: 


ibm.com/ 

systems/innovate60 


1  866-872-3902 
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FTER  ALMOST  40  YEARS 
in  IT  (sadly,  my  first  pro¬ 
gramming  experience  was 
on  a  computer  with  glow¬ 
ing  vacuum  tubes),  I  remain 
surprised  that  we  are  still 
talking  about  how  IT  peo¬ 
ple  —  whether  they  be  the 
kids  on  the  help  desk,  the 
CIO  or  anyone  in  between 
—  can  better  communicate  the  value  of 
what  they  do  for  the  business.  We  are 
still  trying  to  figure  out  how  to  credibly 
tie  IT  dollars  to  some  bottom-line  result. 

There  are  many  theories  about  why 
IT  can’t  seem  to  crack  the  business- 
talk  code,  but  what  I  have  seen  in  many 
businesses  is  that  the  conversation  be¬ 
tween  business  and  IT  is  usually  about 
what  IT  does,  rather  than  what  IT  does 
for  the  business.  While  that  sounds 
simplistic  and  obvious,  it  carries  a  sub¬ 
tle  message:  IT  must  talk  about  the  ser¬ 
vices  it  provides  to  the  business,  rather 
than  about  the  activities  it  executes  to 
provide  those  services. 

The  conversation  takes  place  in  many 
different  ways  and  venues,  but  it  usually 
revolves  around  dollars:  the  cost  of  proj¬ 
ect  development,  the  annual  budget,  the 
amount  business  is  charged  for  IT  ser¬ 
vices.  This  is  as  it  should  be.  IT  spends 
company  dollars  and  management  time 
and  should  explain  its  value  in  terms 
of  how  much  of  those  resources  it  uses, 
how  it  uses  them  and  what  the  business 
gets  in  return.  What’s  wrong,  though,  is 
that  IT  talks  about  dollars  in  categories 
that  don’t  relate  to  the  business  and 
can’t  be  used  by  business  to  make  good 
resource-allocation  decisions. 

I  know  of  a  company  whose  IT  group 
“bills”  all  of  its  project  development 
services  to  business  customers  in  cat¬ 
egories  such  as  specification  delivery, 
configuration  planning,  project  plan¬ 
ning,  acceptance  testing  and  program 
development.  To  IT,  a  project  is  a  col¬ 
lection  of  these  activities.  For  ongoing 
applications,  IT  charges  for  data  stor¬ 
age,  network  data  transfer  and  CPU 
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What  IT  Says  What  Business  Needs  to  Hear 


99.999%  uptime. 


Business  growth  projections 
will  force  an  accelerated  server-farm 
upgrade  program  and  a  20% 
increase  in  the  server  budget. 

This  project  will  transition 
customer-facing  systems  to  a 
Web-based  architecture. 


_ _  ■ 

Customers  can  place  orders  and  make  payments  24/7.  P» 

8 


Systems  will  handle 
all  new  and  existing  customers 
while  reducing  IT  costs  per 
customer  by  10%. 


We're  adding  bandwidth  to  the 
WAN  to  support  anticipated  network  jj 
traffic  growth  in  branch  offices. 

The  new  data  warehouse 
will  provide  faster  access  to 
integrated  corporate  data. 

We  need  to  upgrade 
the  mainframe  from  370  to  740 
MIPS  by  3Q  2007. 


This  project  will  provide  anytime, 
anyplace  access  to  all  customers  for  sales,  service, 
payment  and  product  inquiries. 

Your  branch  offices  will  have 
the  same  tools  and  data  to  support  the  client 
as  people  at  headquarters. 

This  investment  will  reduce  execution  time 
for  new  marketing  programs  by  four  to  six  weeks, 
with  improved  customer  targeting. 

Without  an  increase  in  processing  power,  a  15% 

I  increase  in  orders  will  delay  order  processing  and  will 
increase  product  delivery  times  by  three  weeks. 


The  virtual  server  architecture 
will  provide  greater  system  reliability 
and  easier  capacity  matching  as 
transaction  volume  increases. 


By  investing  $1  million  in  new  servers  and  operating 
software,  the  business  will  be  able  to  handle  sales 
volume  fluctuations  of  up  to  100%  with  no  effect  on 
customer  service  or  product  delivery  schedules. 


usage.  An  application  uses  resources  in 
that  way,  so  that’s  how  IT  bills. 

Those  categories  are  great  for  man¬ 
aging  and  monitoring  IT,  but  they  are 
useless  for  explaining  the  value  that  IT 
delivers.  Business  people  view  those 
categories  as  irrelevant  and  incompre¬ 
hensible.  They  are  paying  for  project 
delivery  that  achieves  a  business  result 
and  applications  that  support  a  busi¬ 
ness  process.  They  don’t  care  about 
configuration  planning  or  CPU  usage; 
they  care  about  customer  access  to  ac¬ 
count  data  or  sales  team  access  to  cus¬ 
tomer  information.  The  focus  has  to 
be  on  what  IT  is  doing  for  the  business, 
not  the  activities  IT  carries  out  to  do  it. 
IT  needs  to  stop  thinking  like  a  tech¬ 
nology  supplier  and  start  thinking  like 
a  business-focused  service  provider. 

As  part  of  that  transition,  IT  needs 
to  communicate  costs  and  impact  in 
business  service  terms.  Here  are  four 
steps,  to  be  implemented  over  a  number 
of  budget  cycles,  that  your  IT  group  can 
take  to  make  this  transition. 

1  Adopt  a  cost  reporting  and  man¬ 
agement  structure  focused  on 
five  business  service  portfolios: 

■  Application  services  — 

H  the  business  support  provided 
by  ongoing  applications.  This  portfolio 
includes  all  the  applications  the  busi¬ 
ness  uses,  with  enough  granularity  that 
the  business  can  make  decisions  about 
individual  applications.  Some  compa¬ 
nies  I  know  have  used  the  applications 
themselves  as  the  line  items,  such  as 
Sales  Tracking  or  Customer  Activity  Re¬ 
porting.  Others  have  combined  applica¬ 
tions  into  the  business  process  that  the 
applications  support,  like  Order  Entry 
or  Sales  Tracking  and  Fulfillment.  The 
portfolio  items  should  be  intuitive  to  the 
business  people  dealing  with  them. 

■  Infrastructure  services  —  the 
technical  services  that  support  the 
business  (e.g.,  e-mail,  remote  network 
access  or  wireless  access). 

■  User  services  —  the  business  user 
support  provided  (e.g.,  help  desks). 

■  Management  services  —  the  inter¬ 
nal  IT  organizational  services  (e.g.,  IT 
strategic  and  annual  planning,  budget¬ 
ing,  IT  human  resources  and  IT  pro¬ 
curement).  This  portfolio  isn’t  critical  to 
the  business,  but  it  is  the  “home”  for  all 
of  the  IT  dollars  the  company  spends.  It 
allows  IT  to  communicate  its  internal 
activities  to  the  business  and  sets  the 
stage  for  helping  IT  and  the  business 
connect  their  management  processes, 
like  connecting  IT  procurement  to  the 
business  units’  IT  capital  budgets. 

■  Project  services  —  those  that  de¬ 
liver  new  business  capability.  The  line 


items  here  are  the  new  projects  that 
IT  is  developing  for  the  business,  like 
a  sales  forecasting  system,  customer 
data  analysis  and  assessments,  or  ex¬ 
panded  customer  Web  access. 

With  these  portfolios  as  the  base,  you 
can  stop  talking  about  “charges  for  data 
storage”  and  start  talking  about  the  cost 
of  operating  an  application,  how  well 
it  works,  how  effectively  it  supports 
the  business  (or  gets  in  the  way)  and 
how  well  IT  supports  the  business  by 
running  the  application.  It’s  no  longer 
about  the  cost  and  amount  of  individu¬ 
al  technical  resource  use;  it’s  about  de¬ 
livering  the  application  to  the  business 
in  a  way  that  allows  the  business  to  use 
it  for  a  positive  business  result. 

Equally  important,  you  need  to 
recast  the  IT  dollars  into  those  port¬ 
folios  so  that  100%  of  that  money  lives 
somewhere  within  them.  You  want  to 
change  the  cost  and  budget  discussion 
from  one  of  dollars  for  server  upgrades 
to  one  of  necessary  service  levels  to 
keep  the  supply  chain  flowing,  the  call 
center  functioning  efficiently  and  the 
business  analytics  providing  great  in¬ 
telligence  about  market  shifts  —  and 
the  costs  of  maintaining  those  levels. 
You  also  want  to  be  able  to  examine 
every  dollar  of  IT  spend  in  a  business 
service  context,  so  you  need  to  put 
every  dollar  into  the  portfolios. 

Note  that  100%  accuracy  isn’t  nec- 


I  essary;  80%  is  good  enough  to  start. 

I  What’s  important  is  to  do  it  in  a  cred- 
I  ible  way  as  a  starting  point. 

Assess  the  performance  of 
each  service  portfolio  -  both 
cost  and  impact  -  in  business 
terms.  This  means  assessing 
■  business  and  strategic  align¬ 
ment,  service  level  and  quality,  respon¬ 
siveness  and  functionality,  and  techni¬ 
cal  and  business  risk.  It’s  not  enough, 
and  not  even  relevant,  to  know  that  an 
application  is  available  99.999%  of  the 
time.  That’s  the  technical  perspective. 

What’s  important  is  that  you  know 
how  much  the  application  really  costs 
the  business,  how  widely  it’s  used,  how 
much  the  business  depends  on  it,  the 
quality  of  the  functions  and  data,  and 
the  technical  and  business  risks  the 
application  carries.  Taking  the  applica¬ 
tion  services  portfolio  as  an  example, 
you  can  ask  questions  such  as:  How 
dependent  is  the  business  on  our  five 
most  expensive  applications?  What  are 
the  quality  levels  of  our  five  most  criti¬ 
cal  applications?  If  any  are  low,  what 
are  we  doing  about  that?  Are  there 
low-quality  applications  that  we  don’t 
depend  on?  Can  we  get  rid  of  those  and 
spend  the  dollars  elsewhere?  Answer¬ 
ing  these  kinds  of  questions  gives  you 
a  definition  of  the  business  impact  of 
each  of  the  services. 


Budget  IT  in  business  service 
terms,  in  the  five  service 
portfolios.  Budgeting  typically 
happens  in  accounting  terms 
H  (salaries,  training,  hardware, 
software  and  licenses).  You  need  to 
work  with  the  business  to  budget  based 
on  the  service  levels  needed  from  each 
portfolio,  the  infrastructure  services 
that  will  result  from  that  need,  the  risk 
mitigation  required  for  critical  applica¬ 
tions,  etc.  Business  people  don’t  care 
about  the  training  budget;  they  care 
about  what  it  will  cost  to  run  and  sup¬ 
port  their  business  applications.  Bud¬ 
geting  in  the  five  portfolios  is  the  basis 
for  that  discussion. 

4  Charge  back  IT  to  business 
units  in  service-to-business 

terms.  This  means  establish¬ 
ing  the  chargeback  scheme 
■  in  terms  of  the  business  use 
of  each  of  the  services  (from  charges 
for  running  the  application  itself  to 
charges  for  business  transactions,  such 
as  each  order  processed,  each  customer 
inquiry  through  the  Web  and  each 
sales  order  received),  rather  than  in 
traditional  resource-utilization  terms 
(like  CPU  time,  disk  space  charges  or 
network  traffic  charges).  Charge  for 
services  as  seen  by  the  business  units 
(the  “demand”  for  IT  services),  not  as 
viewed  by  the  IT  delivery  organization 
(the  “supply”  of  technology).  While 
something  like  the  ITIL  Service  Cata¬ 
log  may  be  useful  to  you  in  building  up 
the  IT  cost  pools  as  the  basis  for  figur¬ 
ing  out  the  business  service  charges, 
it’s  not  the  way  the  business  views  the 
services  it  buys,  so  it’s  ineffective  as  a 
chargeback  framework. 

Because  this  is  a  large  transition  for 
any  organization,  you  should  make  it  in 
small  steps  spread  over  two  to  four  bud¬ 
get  cycles.  In  the  first  budget  cycle,  start 
by  identifying  and  assessing  the  line 
items  in  the  portfolios,  including  a  first 
cut  at  the  actual  cost  for  each  line  item. 
During  the  second  cycle,  use  that  data 
as  input  to  the  “traditional”  budget  proc¬ 
ess  and  categories  and  to  the  strategic 
planning  process  for  the  following  year. 
By  the  third  cycle,  you’ll  be  comfortable 
with  the  business  service  approach  and 
will  have  developed  a  closer  relation¬ 
ship  with  the  business  as  a  result.  * 


Bugnitz  has  served  in  IT  jobs  at  all  levels, 
from  printer  operator  to  director  of  com¬ 
puting  and  telecommunication  services 
at  Washington  University  in  St.  Louis. 

He  is  a  senior  consultant  at  Cutter  Con¬ 
sortium  in  Arlington,  Mass.,  and  presi¬ 
dent  of  The  Beta  Group  in  St.  Louis,  Mo. 
Contact  him  at  tbugnitz@cutter.com. 
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Who  does  the  CIO  report  to? 

Business  unit  executive 
Other:  4.8% 


How  does  your  IT  head  count 
for  2006  compare  with  2005? 


What  is  your  IT  staff  turnover  rate? 
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What  percentage  of  the  2006  IT  budget 
is  allocated  for  offshore  outsourcing? 

[-Less  than  30%:  2.4% 
-Less  than  60%:  0.8% 
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How  do  IT  staff  salaries  for 
2006  compare  with  2005? 
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PAUL  GLEN 

Expectations  and 
Violations 


AS  A  CONSULTANT,  I  regularly  get  calls  to 
help  rescue  struggling  projects.  These 
rocky  initiatives  usually  involve  at  least  a 
million  dollars  of  direct  cost,  if  not  tens  of 
millions,  but  more  important,  future  busi¬ 
ness  prospects  and  personal  careers  are  often  at  stake. 


The  managers  involved 
in  these  projects  have 
taken  substantial  personal 
risks  to  sell  some  senior 
executives  on  the  idea  that 
this  thing  can  be  done  and 
that  they  can  deliver  it. 

As  often  as  not,  multiple 
companies  are  involved  in 
these  efforts.  By  the  time 
I  arrive,  project  sponsors, 

CIOs,  project  managers, 
technical  staffs,  consult¬ 
ing  firms’  account  man¬ 
agers,  software  vendors, 
hardware  suppliers  and 
independent  contractors 
are  all  standing  in  a  circle 
pointing  fingers  of  re¬ 
crimination  at  one  another. 

Sometimes  it  seems  that  as 
a  species,  we  didn’t  really  evolve  to  do 
this  sort  of  work.  Nature  surely  would 
have  provided  more  than  10  digits  for 
casting  blame. 

By  the  time  clients  get  around  to 
calling  me,  they’ve  usually  gone 
through  a  few  stages  of  revelation. 

The  first  stage  is  frequently  initiated 
by  a  missed  deadline.  The  project  is 
trundling  along,  with  most  everyone 
at  least  guardedly  optimistic  about  its 
prospects,  and  then  some  major  deliv¬ 
erable  either  doesn’t  show  up  as  sched¬ 
uled  or  is  bypassed  completely.  Maybe 
the  requirements  document  is  never 
quite  done  or  perhaps  the  design  docu¬ 
mentation  is  completely  abandoned, 
but  coding  forges  ahead  anyway.  Early 
optimism  gives  way  to  concern  and 
determination  not  to  let  things  get  out 
of hand. 

This  first  revelation  precipitates  a 
series  of  urgent  meetings  to  review  the 


status  of  and  make  correc¬ 
tions  to  the  project  plan. 
Dates  are  adjusted.  Tasks 
are  shuffled.  Scope  creep 
may  be  constrained.  But 
rarely  is  there  a  funda¬ 
mental  re-examination  of 
the  premises  on  which  the 
project  was  founded.  Even 
more  rarely  are  the  human 
relationships  within  and 
surrounding  the  project 
examined.  Consideration  is 
limited  to  the  product  and 
process  of  the  project. 

Sometimes  the  first  stage 
of  revelation  gets  repeated 
through  various  incidents 
before  the  second  revela¬ 
tion  appears. 

It  takes  another  type  of 
event  to  elicit  this  second  stage.  Some¬ 
times  customers  complain  about  the 
project  approach,  the  cost,  the  product 
or  the  service.  Sometimes  key  person¬ 
nel  remove  themselves  from  the  project, 
quit  their  jobs  or  feud  with  one  another. 
Sometimes  contractual  relationships 
are  opened  for  renegotiation. 

These  second  events  reveal  that  the 
problems  extend  beyond  the  facts  of 
the  project  to  the  human  and  busi¬ 
ness  relationships  among  people  and 
organizations.  It  becomes  clear  that 
feelings  have  been  hurt,  mutual  expec¬ 
tations  have  been  violated  and  rela¬ 
tionships  have  been  strained,  broken  or 
severed.  And  these  problems  can’t  be 
resolved  with  schedule  changes,  plan 
revisions  or  budget  extensions. 

But  managers  usually  respond  to  the 
second  type  of  revelation  in  the  same 
manner  as  they  do  to  the  first  type. 
Planning  ensues,  but  the  shredded 


PAUL  GLEN  Is  the  direc¬ 


tor  of  the  Developing  Techni¬ 
cal  Leaders  Program  (www. 
developingtechnicalleaders. 

com)  and  author  of  the 
award-winning  book  Leading 
Geeks:  How  to  Manage  and 
Lead  People  Who  Deliver 
Technology  (Jossey-Bass, 
2002).  Contact  him  at 
infotpaulglen.com. 


relationships  may  prevent  replanning, 
or  the  animosity  keeps  resurfacing. 
More  and  more  new  problems  appear, 
or  things  settle  into  a  continual  state 
of  crisis. 

Eventually,  someone  recognizes  that 
human  problems  can’t  be  resolved 
with  money,  time  or  scope  changes. 
Doing  the  same  thing  over  and  over 
is  not  going  to  lead  to  success.  That’s 
when  I  get  the  call. 

To  avoid  reaching  this  sort  of  im¬ 
passe,  there  are  a  couple  of  key  ideas 
you  should  understand. 

First,  the  two  types  of  project  crises 
are  almost  always  born  of  the  same 
underlying  condition.  The  missed 
deadlines  and  busted  budgets  are  usu¬ 
ally  not  merely  the  result  of  underesti¬ 
mation.  They  are  frequently  the  early 
warning  signs  of  strained  relationships. 
And  the  anxiety  of  the  missed  dead¬ 
lines  further  burdens  those  relation¬ 
ships. 

Second,  the  hurt  feelings  that  accom¬ 
pany  the  second  stage  of  revelation 
are  perfectly  normal.  They  result  from 
violated  expectations  about  what  will 
be  done,  how  and  when  it  will  happen, 
how  people  will  relate  to  one  another 
and  what  common  values  will  be  held. 

The  problem  isn’t  that  expecta¬ 
tions  are  violated  over  the  course  of 
projects;  it’s  that  we  believe  that  they 
shouldn’t  be.  But  expectations  are  al¬ 
ways  violated.  It  is  inevitable.  Projects 
all  start  in  ignorance  and  confusion 
and  are  completed  in  the  relative  clar¬ 
ity  of  hindsight.  The  process  of  com¬ 
pleting  projects  is  the  process  of  learn¬ 
ing.  As  we  learn,  assumptions  change 
and  feelings  get  hurt. 

If  you  want  to  avoid  calling  me  for 
a  crisis  intervention  (not  that  I  mind), 
think  about  the  human  issues,  the  mu¬ 
tual  expectations  and  their  violations 
at  the  first  sign  of  trouble,  rather  than 
waiting  until  ill  feelings  become  en¬ 
trenched  problems. » 
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He  was  a  hardworking  farm  boy. 

She  was  an  Italian  supermodel. 

He  knew  he  would  have  just 
one  chance  to  impress  her. 


Rosetta  Stone?  The  fastest  and 
easiest  way  to  learn  ITALIAN  . 


Learn  a  language.  Expand  your  world.  Finally,  there’s  a  way  to  learn  a  new  language  that's  easier 
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native  speakers. 
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'  i '  increase  understanding. 
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- a  new  era  of  VoIP  analysis - 

You  convinced  management  to  deploy  VoIP. 
Now  ensure  that  it  will  run  smoothly. 

Rely  on  Network  Instruments'  Observer  to  help  keep 
VoIP  communications  running  at  optimal  performance. 


Learn  more. 
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networkinstruments.com/voip 
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jOCMPUTER/INFOR. 

SOFTWARE  ENGINEER: 

Will  define  system  design,  lead 
development  of  cross  platform, 
multi-tiered,  highly  available 
J2EE  based  distributed  enter¬ 
prise  systems,  with  UML, 
Rational  rose,  Java,  Web  ser¬ 
vices,  Soap,  xml/https, 
EJB/MDBs,  MQ/JMS,  Struts, 
BEA  Web  logic  platform 
w/Oracle  RDBMS.  Will  integrate 
w/legacy  mainframe  systems 
using  MFC,  STL,  CORBA(visi- 
broker/orbix)  w/C++,  java. 
Bachelor’s  degree  w/3  yrs,  40 
hrs/week,  competitive  salary. 

SOFTWARE  DEVELOPER: 

Will  develop,  test  and  implement 
SQL  Server  Database  within  the 
size  of  terabytes  for  Online 
Transmission  Process,  Online 
Analysis  Process  and  for  Data 
Mart  using  Visual  Studio.NET 
(VB.NET,  C#,  VC++),  Crystal 
Reports,  applications  with  MS 
Reporting  Services,  TSQL 
codes  in  MS  SQL  Server  and 
Perl.  Will  create  the  Database 
Objects  using  Transact  SQL  in 
MS  SQL  Server,  and  provide 
support  for  MS  SQL  Server 
database  installation,  configura¬ 
tion  and  maintenance.  Will 
transfer  the  SQL  Server 
Database  and  SQL  Sever 
Database  Objects  in  SQL 
Server,  Oracle,  Sybase,  and 
DB2.  40  hrs/week,  competitive 
salary,  Master's  degree 
required,  Travel  required.  Send 
Resume  to: 

Broadfusion,  Inc. 

6209  Highway  41  South 
P.O.  Box  220 
Bolingbroke,  GA  31004 


PROGRAMMER  ANALYST  - 
Tompkins  Dental  Health  PC 
(Ithaca,  NY),  seeks  Programmer 
Analyst  to  analyze,  design  & 
implement  web-based  applica¬ 
tions  &  customized  business 
software.  Must  possess  exp  in 
the  following  skill  sets:  C,  C++, 
Visual  Basic,  Oracle  &  JAVA. 
Candidates  must  conduct  busi¬ 
ness  analysis,  generate  reports, 
conduct  systems  studies  &  pro¬ 
vide  training  to  end-users  of 
computer  technology.  Competi¬ 
tive  salary.  Please  apply  w/2 
copies  of  resume  to:  HRD, 
Tompkins  Dental  Health  PC, 
2309  North  Triphammer  Rd, 
Ithaca,  NY  14850. 


Computer  Professional  TN 
based  IT  firm,  Jr.  Lvi  Positions 
Prog  Analysts,  S/w  Engrs  to 
develop,  create  &  modify  gener¬ 
al  comp  applications  s/w  or  spe¬ 
cialized  utility  programs.  Analyze 
user  needs  &  develop  s/w  solu¬ 
tions.  Sr.  Lvi  Position,  IT  Mgr  to 
plan,  direct  or  coordinate  activi¬ 
ties  in  such  fields  as  electronic 
data  processing,  information 
systems,  systems  analysis  & 
comp  programming.  Apply  w/2 
copies  of  resume  to  H.R.D, 
Spartan  Solutions,  LLC.  2705 
Appling  Road,  Suite  #  201, 
Memphis,  TN  38133 _ 


Programmer  Analyst  w/2 
yrs  of  exp  to  dev,  test, 
debug,  implement  &  doc¬ 
ument  s/ware  applic. 
using  DOS,  Oracle, 
PL/SQL,  HTML,  JAVA, 
Java  Script  on  Windows. 
Mail  res  to:  Elite 
Limousine  Plus  Inc.,  32- 
72  Gale  Avenue,  Long 
Island  City,  NY  11101 


IT  Professionals  &  Managers  Needed 
Patni  Computer  Systems,  Inc.,  an 
established  and  expanding  IT 
Consulting  company  with  head¬ 
quarters  in  Cambridge,  MA  is 
searching  for  qualified  IT 
Professionals  (i.e,  Software 
Consultants,  Software  Engineers, 
Programmer/ Analysts,  Systems 
Analysts,  Database  Analysts,  QC 
Engineers);  Information  Systems 
and  Project  Managers;  and 
account/sales  managers  for  its 
growing  team.  Technical  positions 
require  a  bachelor's  degree  in 
computer  science,  engineering  or 
a  related  field  and/or  relevant 
industry  experience.  For  our 
Information  Systems  and  Project 
Manager  positions  we  prefer  a 
MS  degree  in  related  fields  such 
as  computer  science  or  engineer¬ 
ing  and  relevant  industry  experi¬ 
ence.  We  will  consider  applicants 
with  a  relevant  bachelor's  degree 
and  significant  industry  experi¬ 
ence  for  these  positions.  Our 
account/sales  manager  positions 
involve  developing  and  managing 
business  development  initiatives, 
as  well  as  existing  accounts  for 
the  company.  Qualified  applicants 
will  have  a  technical  and/or  busi¬ 
ness/marketing  degree  (master's 
preferred)  and  relevant  industry 
experience.  Positions  may 
require  relocation  to  various  client 
sites  throughout  the  United 
States.  Qualified  applicants  sub¬ 
mit  resumes  to  HR  Department 
(Attn:  Mithilesh  Sharma),  Patni 
Computer  Systems,  Inc.,  One 
Broadway,  15th  Floor, 
Cambridge,  MA  02142. 


BEA  Systems,  Inc.  has  available 
the  following  positions  (various 
levels/types)  at  locations  through¬ 
out  US,  including  CA  (San  Jose  & 
San  Francisco);  CO  (Boulder  & 
Denver);  MA  (Burlington);  NJ 
(Liberty  Corner);  VA  (McLean); 
TX  (Dallas/Plano);  WA  (Seattle): 
Software  Engineers  (IE1106-SG) 

•SWE  Test  (IE1106-ST) 

•  SWE  Integration  (IE1 106-SI) 

•  SWE  Developer  Relations 
(IE1106-SD) 

•  SWE  Consultants  (IE1106-SC) 
Systems  Engineers  (IE1106-SE) 
Database  &  Systems 
Administrators  (IE1106-DSA) 
Product  and  Program  Managers 
(IE1106-PM) 

Development  Technologists 
(IE1106-DT) 

Business  Development 
Managers  (IE1106-BDM) 

Travel  may  be  required  for  some 
positions.  Submit  resume  to 
usjobs@bea.com.  Must  refer¬ 
ence  position  &  Job  ID#  listed 
above.  EOE. 


Keane,  Inc.  seeks  IT  profession¬ 
als.  Currently  based  in  Jersey 
City,  NJ.  Must  be  willing  to  be 
assigned  to  client  sites  through¬ 
out  the  U.S.  (multiple  openings) 
include:  (Code  R-1381)  Software 
Engineer:  MS  or  equiv.  +  3  yrs 
exp.  in  software  dev.  w/  Java 
Swing,  Weblogic,  J2EE;  (Code 
R-1707)  Systems  Analyst:  BS  or 
equiv.  +  2  yrs  exp.  in  software 
dev.  w /  Java  tools  in  UNIX  envi¬ 
ron.;  (Code  R-1703)  Software 
Engineer:  MS  +  3  yrs  or  BS  +  5 
yrs  exp.  in  enterprise  software 
dev.  w/  J2EE  &  Servlets  on  UNIX 
&  Windows  platforms;  (Code  R- 
1704)  Software  Engineer:  MS  or 
equiv.  +  3  yrs  exp.  in  dev.  &  test¬ 
ing  of  enterprise  apps.  w /  J2EE  & 
Apache  Tomcat;  (Code  R-1385) 
Software  Engineer:  BS  or  equiv. 
+  2  yrs  exp.  dev.  financial  apps. 
w/  IDMS,  LU6.2,  MERVA, 
INTERTST  Send  resumes  w/ 
Job  Code  to  Keane,  Inc. 
McDermott — JOBS  100  City 
Square,  Boston,  MA  02129 


Career  opportunities  CA  &  vari¬ 
ous  sites  as  necessary  for  Jr,  Sr, 
Lead  Programmer  Analysts:  ana¬ 
lyze,  design,  develop  &  maintain 
mainframe  &  multi-tier  arch  sys¬ 
tems.  Req:  MS  or  BS  (or  foreign 
equiv)  in  Science,  Engg, 
Business  Admin  or  related,  and  1 
to  5  yrs  exp  in  various  fields  such 
as  COBOL,  DB2,  IMS,  CICS, 
MVS,  JCL,  COOLGEN,  COGEN, 
VB.Net,  ASP.Net,  C#,  SQL,, 
COM+,  ORACLE,  PSP,  Java, 
EJB,  J2EE,  RUP,  EAI  tools  like 
MQ  Series,  Vitria  etc.,  Data  ware¬ 
housing  and  ETL  tools  like 
Cognos,  Informatica, 

Microstrategy, ERP  tools  like  SAP, 
Enterprise  level  Systems  Admins 
for  Windows  and  UNIX.  Mail 
resumes  to:  Prelude  Systems 
Inc,  P.O.  Box  5558,  Diamond  Bar, 
CA  91765  or  Visit  us  at 
http://careers.preiudesys.com  to 
post  your  resume  .  Prelude 
Systems  Inc  is  an  equal  opportu¬ 
nity  employer. 


Calif  based  IT  co  has  openings  at 
its  Torrance,  CA  and  Chicago,  IL 
ofcs  and  at  unanticipated  client 
sites  across  the  US  for  Software 
Eng,  Progrmmr.  Analyst,  Project 
Leader/Mgr.,  System  Mgr.,  Biz 
Dvlpmnt.  Consultants,  Biz 
Analysts  and  Financial  Analysts. 
Responsible  for  custom  program 
development  and  implementation 
and  system  analysis  and  design. 
Will  provide  software  support  to 
clients  that  includes  testing, 
debugging  and  modifying  soft¬ 
ware.  Mail  resumes  to  RJT 
Compuquest  Inc.,  23440 
Hawthorne  Blvd.,  #210,  Torrance, 
CA  90505,  Attn:  HR 


Texas  A&M  University  Corpus 
Christi  is  currently  accepting 
applications  for  an  Information 
Technology  Manager.  The  posi¬ 
tion  requires  a  Bachelor's  degree 
in  Computer  Science  plus  2  years 
experience  in  installation,  mainte¬ 
nance  and  security  of 
LINUX/Windows  servers.  Salary 
range  is  $37,179  -  $41,131  plus 
full  benefits.  For  the  complete  job 
posting  and  to  apply  go  to: 
https://islanderjobs.tamucc.edu/ 
This  is  a  security  sensitive  posi¬ 
tion.  Continued  employment  is 
contingent  upon  a  successful 
background  investigation.  A&M- 
CC  is  an  equal  opportunity 
employer  committed  to  diversity. 


Software  Engineer,  Applications. 
Five  years  experience  as  a 
Software  Engineer  or  related 
position  with  strong  background 
in  design,  datawarehousing, 
development,  and  testing  as  QA 
Analyst.  If  five  years  experi¬ 
ence,  Bachelors  equivalent  in 
Engineering  or  Computers  or 
Masters  and  three  years  of 
experience.  Experience  with 
Informatica,  C,  C++,  Oracle, 
PERL,  and  ETL  development 
testing  and  production  of  OLAP 
systems.  Able  to  relocate.  9-5, 
40  hrs/wk.  Ref#  ETL100-NC 
and  Send  resumes  to 
jobs@ateninc.com . 


Certification 

Ads 


Are  you  an  individual,  agency  or 
law  office  needing  to  place  ads 
to  fulfil!  legal  requirements? 

Let  us  help  you  put  together  an 
efficient,  cost  effective  program 
that  will  help  you  place  your  ads 
quickly  and  easily. 

For  more  details,  contact  us  at: 

800.762.2977 
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Did  you  find 
the  IT 
Career 
Opportunity 
you  were 
looking  for? 


Check  back  weekly 
for  fresh  job  listings 
placed  by  top 
companies 
looking  for  skilled  IT 
professionals  like  you! 
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Find  out  how 
you  can  reach 
over  1,200,000 
IT  professionals. 


Call  today  for 
details! 
800-762-2977 
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Software  Engineers, 
multiple  positions: 
Software  Quality 
Leaders,  Inc.  Resume 
Director  3150  De  La 
Cruz  Blvd.,  #138, 
Santa  Clara,  CA 
95054  or  email 
openjobs@softql.com 


Multiple  positions  for  software 
engineers,  system  analysts, 
DBAs  working  in  Metro  Detroit  or 
other  area.  Require  MS/BS  or 
equivalent  with  related  IT  exp  and 
skills  depending  on  each  position. 
Contact  iKnowvate  Technologies, 
Inc.  at  info@iknowvate.com. 
Competitive  salary.  EOE. 

LK  Tech  seeks  MIS  Analyst  to 
design  e-commerce  applications 
such  as  inventory  management, 
sales,  account  receivables  using 
various  tools.  Must  have  Master 
in  computer  application  or  com¬ 
merce.  We  offer  competitive 
salary.  Send  resumes:  31715  W  8 
Mile,  Livonia.  Ml  48152. 
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Are  you  an  individual, 
agency  or  law  office 
needing  to  place  ads 
to  fulfill  legal 
requirements? 

Let  us  help  you  put 
together  an  efficient, 
cost  effective  program 
that  will  help  you  place 
your  ads  quickly  and 
easily. 


For  more  details, 
contact 

Laura  Wilkinson 
800-762-2977 


IT 
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Keane  seeks  professionals,  cur¬ 
rent  location  shown  below,  must 
be  willing  to  be  assigned  to 
client  sites  throughout  the  U.S. 
Multiple  openings  including: 
(Code  R-1663)  Software 
Engineer:  BS  or  equiv  +18  mos. 
Exp.  in  developing  B2B  financial 
applications  w/Websphere 
Struts.  EJB,  Clear  Case.  Boston, 
MA;  (Code  R-1686) 
Programmer/Analyst:  BS  or 
equiv  +  3  yrs  software  dev. 
w/Apache,  Struts,  XML  & 
Oracle.  Worcester,  MA;  (Code 
R-1693)  Programmer/Analyst: 
BS  or  equiv  +  2  yrs  exp  in  soft¬ 
ware  dev.  w/Bowstreet  Factory, 
J2EE  &  EJB.  Worcester,  MA; 
(Code  R-1626)  Sr. 
Programmer/Analyst:  BS  or 
equiv  +  2  yrs  software  dev 
w/WebMethods,  B2B(i)&  Oracle. 
Irving  TX;  (Code  R-1694) 
Computer  Systems  Analyst:  BS 
or  equiv  +  2  yrs  database  soft¬ 
ware  dev  w/lnformix  in  Unix  env¬ 
iron.  Irving,  TX.  Send  Resumes 
w/Job  Code  to  Keane,  Inc., 
McDermott-JOBS,  100  City 
Square.  Boston,  MA  02129. 


Computer  Programmer 
Analyst:  Nordhaus  Law 
Firm  LLP  in  Albuquerque, 
NM.  Write  &  develop  pro¬ 
grams  &  database.  Master 
degree  req.  Email  resume 
to  Administrator  hiring-pro- 
ganalyst@nordhauslaw.co 
m  or  fax  to  505-243-4464 


Computer  System 

Administrator,  Senior  want¬ 
ed  by  plumbing  hardware  & 
pneumatic  tools  wholesaler 
in  Irvine  ,  CA.  M.S  in  Comp. 
Sci.  Resume  to  Markimex 
Inc.,  attn.  HR,  2502 
Barranca  Pkwy  .  Irvine,  CA 
92606 


Didn’t  find 
the  IT  Career 
that  you  were 
looking  for? 


Check  back 
with  us  weekly  for 
fresh  listings 
placed  by 
top  companies 
looking  for  skilled 
IT  professionals 
like  you! 


For  more  details,  contact 
us  at:  800.762.2977 

ITlcareers 


Greif,  Inc.  is  a  global  producer  of 
industrial  packaging  products. 
We  have  the  following  position 
available  at  our  headquarters  in 
Delaware,  Ohio.  APPLICATION 
SUPPORT  ANALYST  II  to  sup¬ 
port  Baan  Enterprise  Resource 
Planning  (ERP)  applications  in  a 
multi-site  environment  including 
general  ledger,  receivables, 
payables  and  reconciliation  to 
general  ledger,  payment  runs  via 
checks,  ACH,  wires,  electronic 
bank  statements  and  their  appli¬ 
cation  to  open  items,  integration 
efforts  and  perform  setup 
changes.  Apply  domain  experi¬ 
ence  to  solution/workarounds  to 
the  finance  users.  Gather  user 
requirements,  prepare  question¬ 
naires  and  construct  functional 
and  technical  designs.  Test  and 
deploy  solutions  and  investigate 
root  cause.  Fix  bugs  or  suggest 
solutions.  Apply  solutions  and 
perform  system  test  after  service 
packs.  Perform  updates  to  the 
Taxware  applications.  Reconcile 
tax  data  from  Taxware  v/s  Baan 
Finance.  Undertake  Sarbanes- 
Oxley  (SOX)  management  audit 
for  finance  areas  Debug  pro¬ 
gram  scripts,  perform  fixes  and 
4GL  scripting.  Prepare  and  exe¬ 
cute  plans  for  application  migra¬ 
tion  from  4c  to  SSA  LN 
Bachelor’s  degree  in  Computer 
Science,  Finance  or  Accounting 
and  three  years  directly  related 
work  experience  required,  includ¬ 
ing  Baan  Enterprise  Resource 
Planning  (ERP)  Finance  applica¬ 
tions  and  Sarbanes-Oxley  audit 
experience.  Please  apply  online 
to:  hrmanager@greif.com. 
Greif,  Inc.  is  an  Equal  Opportunity 
Employer. 


Database  Admin  -SQL  wanted 
to  oversee  efforts  associated 
w/planning,  admin.  &  operational 
support  of  client/server  database 
mgmt  systems  &  related  tech¬ 
nologies  in  a  SQL  Server  multi¬ 
vendor,  multipplatform  computing 
environment.  Must  have  Bach  in 
Comp.  Sci.,  MIS.  or  related  field, 
&  3  yrs.  Exper.  in  a  database  pro¬ 
gramming/support  environment, 
incl.  admin,  on-call  support  & 
database  admin,  exper  using 
Microsoft  SQL  Server  &  Oracle 
DMBS  as  well  as  exper.  support¬ 
ing  client/server  applications  in  a 
Microsoft  NT/2000  and  UNIX 
environment.  Send  resume  to 
Patrick  DeVivo,  Sr.  Human 
Resources  Generalist,  Lahey 
Clinic,  41  Mall  Rd.,  Burlington, 
MA  01805. 


Screen  Actors  Guild- 
Producers  seeks  Systems 
Engineer  to  design,  develop 
&  maintain  contribution 
accounting,  claims  adjudi¬ 
cation,  eligibility  and  pen¬ 
sion  systems  using  C++, 
MFC,  Tuxedo,  Pro-C  & 
Oracle  Stored  procedures 
on  WindowsA/MS.  M.Sc.  or 
foreign  equivalent  in 
Computer  Sc.,  Eng.  or  relat¬ 
ed  field  required  &  1  yr  exp. 
in  job  or  related  field.  Full 
time/salaried  position. 
Submit  resume  to  Lesleigh 
Egan,  SAGP,  Pension  & 
Health  Plans,  3601  W.  Olive 
Ave.,  Burbank,  CA91505  or 
fax  to  (818)  953-2555. 


Wanted  Principal  Systems 
Programmer  for  the  City  of 
Chicago.  Design  &  develop 
databases  &  web  applications. 
Technology  skills  required: 
Oracle,  Java,  Visual  Basic, 
Enterprise  Resource  Planning, 
ArcView  (GIS)  and  Business 
Objects.  Must  have  Bachelor's 
degree  in  Computer  Science, 
plus  at  least  one  year  of  experi¬ 
ence  in  the  job  offered  or  as  pro¬ 
grammer  for  a  governmental 
body.  Must  have  authorization  to 
work  permanently  in  the  United 
States.  Submit  resumes  online, 
specifying  advertisement  code: 
PSPCWP  ,  at:  www.cityofchicago 
.org/personnel. 


EDS  has  the  following  opportunities  for  all  levels  for  its  offices  in  Hoover 
and  Mobile,  AL;  Cerritos,  Chico,  Cupertino,  El  Segundo,  Folsom,  Milpitas, 
Rancho  Cordova,  San  Diego,  San  Francisco,  San  Jose,  San  Ramon, 
Scotts  Valley,  Seaside,  and  Sunnyvale,  CA;  Broomfield,  Colorado  Springs, 
Denver,  Englewood,  Highlands  Ranch,  Lakewood,  Louisville,  CO;  Bay 
Pines  FL;  Atlanta,  GA;  Honolulu,  HI;  Chicago,  IL;  Indianapolis  and 
Kokomo,  IN;  Overland  Park  and  Topeka,  Kansas;  Boston  and  Quincy,  MA; 
Rockville,  Silver  Spring,  and  Sparrows  Point  MD;  Auburn  Hills,  Lansing, 
Romulus,  Troy,  and  Warren,  Ml;  Kansas  City  and  Maryland  Heights,  MO; 
Cary  and  Charlotte,  NC;  Newark,  NJ;  New  York,  and  Rochester,  NY; 
Westerville.  OH;  Tulsa,  OK;  Portland.  OR;  Springhill,  TN;  Dallas,  Fort 
Worth.  Houston,  Plano,  and  Southlake,  TX;  Salt  Lake  City,  UT;  and 
Alexandria  and  Herndon,  VA.  Please  note  that  not  all  positions  are  avail¬ 
able  in  all  locations. 


Information  Analysts 
Information  Specialists 
Senior  Information  Specialist 
Infrastructure  Analysts 
Infrastructure  Specialists 
Infrastructure  Specialists  Senior 
Systems  Engineers 
Systems  Engineers  Senior 
Systems  Engineers  Advanced 
Engineering  Specialists 
Software  Engineers 
Consultants 
Consultants  Specialists 
Consultants  Senior 
Principal  Consultants 
Solution  Consultants 
Managing  Consultants 


Systems  Administrators 
Systems  Administrators 
Advanced 

Systems  Administration 
Associates 

Database  Administrators 
Applied  Analysts 
Business  Service  Analysts 
Business  Service  Analysts 
Advanced 

Senior  Financial  Analysts 
Financial  Analysts  Advanced 
Finance  Managers 
Project  Analysts  Advanced 
Procurement  &  Asset 
Associates 

Technical  Delivery  Managers 


Submit  resume  with  job  title  and  location  interested  in  to:  JW,  EDS  H3-3A- 
05,  5400  Legacy  Drive  ,  Plano,  TX  75024 


Saras  America  has  openings  for 
Systems  Analyst,  Programmer, 
Software  Engineer,  DBA.  Job 
duties/tools  vary  depending  on 
position  (SAP,  Oracle,  Unix, 
VB.Net.  J2EE,  Java,  WebSphere/ 
WebLogic,  C/C++,  etc).  MS  or  BS 
with  1-5yrs  exp.  Travel  maybe 
required.  Send  resume  to: 
hr@SarasAmerica.com. 

Thermal  Wave  (Ferndale,  Ml) 
seeks  software  engineer  to 
design  software  for  infrared  non¬ 
destructive  testing.  Apply  thermal 
wave  imaging  and  techniques  for 
nondestructive  evaluation  of 
aerospace,  automotive  materials. 
Require  MSCS  with  1-5yrs  relat¬ 
ed  exp.  Send  resumes  to 
hr@thermalwave.com. 


Sr  Software  Developers 
to  design  and  code  soft¬ 
ware  product  components, 
develop,  enhance,  imple¬ 
ment  and  debug  client/serv¬ 
er  applications,  and  web 
applications  using  Java  and 
NET  technologies.  Requried 

M. S.C.S  or  related  field  and 
2  years  experience.  Send 
resume  to  S.  Arseniev,  V.P, 
Ref.  #  99A35,  3307  M  St„ 

N. W.,  Ste  200,  Washington, 
DC  20007. 


Computer  Professional  NJ 
based  IT  firm,  Jr.  Lvl  Positions 
Prog  Analysts,  S/w  Engrs  to 
develop,  create  &  modify  gener¬ 
al  comp  applications  s/w  or  spe¬ 
cialized  utility  programs.  Analyze 
user  needs  and  develop  s/w 
solutions.  Sr.  Lvl  Position,  IT 
Mgr  to  plan,  direct  or  coordinate 
activities  in  such  fields  as  elec¬ 
tronic  data  processing,  informa¬ 
tion  systems,  systems  analysis, 
and  comp  programming.  Apply 
w/2  copies  of  resume  to  H.R.D, 
Vaktech  Corporation,  LLC.3 
Cypress  CT,  Plainsboro,  NJ 
08536 


Software  Engineer.  5  yrs 
exp.  with  Clear  Case, 
Clear  Quest,  Requisite 
Pro,  Citrix  and  VMW 
using  Perl,  Ant,  Unix 
shell,  Solaris,  HP-UX, 
SCO  &  Windows.  B.CS, 
B.CE,  or  rel.  degree,  for¬ 
eign  equiv  required.  Send 
resumes  to  Trendium 
Inc.,  1580  Sawgrass 
Corporate  Pkwy,  Suite 
200,  Sunrise,  FL  33323 


1  /  \  \  I  COMPUTERWORLD 

tPttT  I  IT  LEADERS  CONFERENCE 

Don't  miss  Computerworld's  unveiling 
of  our  2007  honorees!  These  IT 
superstars  excel  as  mentors  and 
motivators,  they're  known  for  their 
innovation,  and  they're  respected  for 
their  abilities  to  execute  IT  strategies. 

Their  profiles  are  inspirational,  and 
the  list  represents  a  remarkable  span 
of  U.S.  and  multinational  companies. 


If  you  have  a  recruitment  message  and  want  to  tap  into  the 
passion  and  pride  that  this  issue  generates  among  our  1.3 
million  readers,  please  contact  Laura  Wilkinson  at 
laura_wilkinson@itcareers.net  or  847.441.8877  for  more  infor¬ 
mation  and  rates.  Print  and  online  programs  are  available. 
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Symantec 

lems  than  they  are  about  the 
effects  they’re  seeing:  a  licens¬ 
ing  logjam  on  the  new  Backup 
Exec  lid  release  and  slow 
responses  when  it  comes  to 
customer  support. 

Scott  Ladewig,  manager  of 
networking  and  operations 
at  the  John  M.  Olin  School 
of  Business  at  Washington 
University  in  St.  Louis,  said 
that  he  has  been  waiting  three 
weeks  for  an  upgrade  to  Back¬ 
up  Exec  lid. 

“According  to  customer  sup¬ 
port,  they  have  thousands  and 
thousands  of  [software  up¬ 
grade]  invitations  being  held 
because  the  merger  of  Veritas 
licensing  with  their  own  has 
been  such  a  disaster,”  Ladewig 
said.  “It  seems  to  be  a  huge 
fiasco.” 

Thompson  said  the  new 
licensing  system  provides  a 
unified  process  for  registering 
Symantec  and  Veritas  users 
and  assigning  them  identity 
keys.  The  two  companies  had 
different  approaches  before, 
he  noted.  For  example,  Backup 
Exec  users  “didn’t  have  to 
register  and  tell  us  where 
the  product  was  being  used,” 
Thompson  explained.  Now,  he 
said,  “we’re  dealing  with  hun¬ 
dreds  of  thousands  of  users 
here  that  need  to  get  licensing 
keys  and  register.” 

Pacing  Itself 

Because  of  the  number  of  cus¬ 
tomers  involved,  Symantec 
has  been  slowly  meting  out 
new  license  notifications  to  us¬ 
ers  of  the  Veritas  backup  soft¬ 
ware  —  sending  about  20,000 
at  a  time. 

“We’ll  have  all  those  batches 
sent  out  to  clients  by  mid- 
February,”  Thompson  said.  “If  a 
client  wanted  to  see  one  earlier, 
we  could  probably  facilitate  that 
one  client  receiving  it  earlier.” 

Symantec  has  posted  a  mes¬ 
sage  on  its  new  licensing  por¬ 
tal  notifying  customers  that 
because  of  the  high  volume 


of  inquiries,  it  will  take  five 
to  seven  business  days  to  re¬ 
spond  to  requests  for  upgrades 
to  Backup  Exec  lid,  which  was 
released  last  month. 

Thompson  said  Symantec 
officials  weighed  the  idea  of 
delaying  lid’s  release  but  de¬ 
cided  that  they  wanted  users  to 
experience  the  benefits  of  the 
combined  licensing  portal  and 
the  new  ability  to  interact  with 
Symantec  and  Veritas  as  one 
company. 

“We  did  add  significant  staff 
to  our  support  lines  to  make 
sure  we  could  handle  the  call 
volumes  for  year-end  and  also 
the  changes  in  process  and 
upgrades,”  Thompson  said.  “It 
does  sound  like  some  custom¬ 
ers  are  experiencing  some 
waits  that  are  longer  than  nor¬ 
mal.  I  can  see  how  some  cus¬ 
tomers  would  not  be  happy,  and 


BY  LUCAS  MEARIAN 

Symantec  CIO  David  Thompson 

spoke  with  Computerworld  last 
week  about  the  company’s  new 
unified  online  licensing  system 
and  the  upgrade  delays  and 
customer  support  problems  that 
some  users  are  facing.  Excerpts 
from  the  interview  follow: 

Backup  Exec  users  say  there's  a 
logjam  in  getting  their  upgrades 
to  the  lid  release  because  of  the 
launch  of  the  combined  Symantec 
and  Veritas  licensing  portal.  What’s 
going  on?  The  current  feedback 
we’re  getting  from  clients  is 
there  have  been  some  chal¬ 
lenges  around  a  very  small 
subset  of  our  customer  base 
that  are  previous  Veritas  cli¬ 
ents  who  use  the  Backup  Exec 
product.  As  part  of  our  new 
release  and  [licensing]  process, 
we’re  now  asking  all  of  our  cli¬ 
ents  to  register  and  also  to  ob¬ 
tain  their  license  keys  through 
that  registration  process. 


If  the  [Veritas/ 
Symantec] 
merger  is  helping 
me  as  a  customer, 

I  haven’t  seen  it. 

SCOTT  LADEWIG,  IT  MANAGER. 
WASHINGTON  UNIVERSITY,  ST.  LOUIS 

we’re  addressing  that  head-on.” 

Cris  Paden,  a  Symantec 
spokesman,  said  more  infor¬ 
mation  will  be  released  in  the 
next  few  weeks  about  the  soft¬ 
ware  piracy  rings,  which  he 
said  are  costing  the  company 
sales  that  amount  to  “eight  fig¬ 
ures”  annually. 

The  problems  in  transition¬ 
ing  customers  through  the  new 
licensing  process  are  “minimal 
[compared  with]  what  our  sup¬ 
port  people  would  endure  if 


One  other  reason  we  con¬ 
solidated  our  licensing  process 
was  to  mitigate  and  reduce  our 
exposure  to  software  piracy. 
We’ve  had  some  challenges 
with  that  in  certain  regions. 
The  consolidated  licensing 
model  is  one  way  to  ensure 
that  the  client  who  purchased 
the  product  is  the  client  who’s 
using  the  product. 

I’m  also  hearing  from  users  that 
there  are  really  long  waits  when  it 
comes  to  getting  technical  support. 
Have  you  had  to  put  more  of  your 
manpower  into  the  merger  with 
Veritas  than  in  servicing  customers? 
There  are  three  specific  things 


they  were  having  to  deal  with 
customers  using  counterfeit 
versions  of  Backup  Exec,” 
Paden  added.  “It’s  a  growing 
problem  that  we’re  trying  to 
head  off  at  the  pass.” 

Support  Concerns 

But  Symantec’s  support  prob¬ 
lems  don’t  appear  to  be  limited 
to  the  Veritas  software. 

John  Halamka,  CIO  at 
Harvard  Medical  School  and 
CareGroup  Healthcare  Sys¬ 
tem,  both  of  which  are  based 
in  Boston,  said  Symantec  re¬ 
cently  forgot  to  send  his  office 
a  license-renewal  reminder 
for  his  Brightmail  Anti-Spam 
application.  There  was  “a 
lapse  in  coverage  of  a  few  days 
that  caused  us  to  scramble,” 
Halamka  said. 

Chris  Varner,  chief  tech¬ 
nology  officer  at  DDJ  Capital 


happening  at  once.  One,  it’s 
year’s  end,  and  a  lot  of  clients 
are  doing  a  lot  of  work,  and  we 
typically  see  a  high  call  vol¬ 
ume  near  the  year’s  end  and 
around  the  holidays. 

The  [second]  thing  is  that  as 
we  were  deploying  these  new 
capabilities  to  the  licensing 
portal,  we  realized  there  wras 
going  to  be  some  noise  within 
our  customer  base  as  we 
implemented  these  new  proc¬ 
esses.  So  we  were  expecting  a 
higher  call  volume  related  to 
customers  learning  the  new 
licensing  process. 

The  third  thing,  and  this  is 
the  thing  you’re  homing  in 
on,  is  that  the  Backup  Exec 
lid  upgrade  hit  right  around 
the  same  time.  If  we’d  sent 
out  those  upgrade  notices  all 


Management  LLC  in  Wellesley, 
Mass.,  said  he  had  to  call  tech 
support  at  Symantec  three 
times  last  week  before  he 
finally  got  an  answer  regard¬ 
ing  a  problem  with  his  spam¬ 
filtering  software,  which  had 
stopped  working. 

“On  three  different  phone 
calls  with  three  different  tech- 
support  reps,  we  got  three  dif¬ 
ferent  answers,”  Varner  said. 

Ladewig  said  that  instead 
of  just  being  able  to  view  in¬ 
formation  about  his  Veritas 
licenses  when  he  logs  into  Sy¬ 
mantec’s  online  portal,  he  now 
sees  licenses  for  every  depart¬ 
ment  at  Washington  University 
—  but  not  all  of  his  own  data. 

“I  see  some  of  my  stuff,  and 
other  stuff  still  isn’t  there,” 
Ladewig  said.  “If  the  merger 
is  helping  me  as  a  customer,  I 
haven’t  seen  it.”  * 


at  once,  we  would  have  had  a 
tremendous  amount  of  change 
occurring  in  our  customer 
base.  So  we’ve  been  sending 
those  out  [in  stages]  and  will 
have  them  completed  by  the 
end  of  February. 

Is  the  need  for  the  staged  approach 
related  to  the  process  of  distribut¬ 
ing  the  license  upgrade  notices,  or 
to  the  rollout  of  the  new  licensing 
portal  itself?  In  the  past,  the 
customers  who  received  these 
[upgrade  notices]  were  imme¬ 
diately  able  to  use  the  product, 
but  now  they’re  being  asked 
to  register  and  obtain  the  keys. 
So  customers  are  interacting 
with  a  new  process. 

It’s  not  a  performance  is¬ 
sue  with  the  new  system,  and 
it’s  not  a  performance  issue 
that  I  can  see  at  this  point  in 
time  with  our  support  group; 
it’s  just  a  volume  of  change 
occurring  all  at  once.  It’s  un¬ 
fortunate  that  customers  are 
impacted  here,  but  I  think  the 
benefits  are  pretty  good  for 
them.  And  in  the  end,  hope¬ 
fully  we’ll  reduce  piracy.  * 


“It’s  not  a  performance  issue  with 
the  new  system  [or]  with  our 
support  group;  it’s  just  a  volume 
of  change  occurring  all  at  once.” 


DAVID  THOMPSON,  CIO,  SYMANTEC  C0RP. 


Symantec  Licensing  Changes  Cause  Customer  Angst 

CIO  Thompson  says  impact  on  users 
is  ‘unfortunate,’  but  points  to  benefits 
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Vet  All  Code 


NO  ONE  KNOWS  what’s  in  software  that’s  developed 

overseas.  It  might  have  trapdoors,  time  bombs  or  other 
malicious  code  put  there  by  saboteurs.  And  that  has  a 
Department  of  Defense  task  force  worried.  “There  are 
very  clever  things  that  can  be  done,”  says  task  force 
chairman  Robert  Lucky.  “And  we’re  talking  about  complexity  that 
boggles  the  mind.  It’s  so  enormous  that  no  one  can  truly  understand  a 
program  with  millions  of  lines  of  source  code.” 

Should  we  trust  offshore  software  developers  not  to  sabotage  the 
code  they  write  for  the  Defense  Department?  Of  course  not. 

Trust  isn’t  the  issue.  We  need  to  verify  that  the  software  does  what 
we  want  and  nothing  more  —  no  matter  where  it  comes  from. 


As  Computerworld’ s  Gary  Anthes  reported 
last  week,  the  task  force  is  scheduled  to  issue  its 
report  early  next  year  on  the  risks  of  military-use 
software  that’s  developed  outside  the  U.S.  Ac¬ 
cording  to  Lucky,  the  group’s  recommendations 
won’t  include  banning  offshore  development  of 
military  systems.  They  will  call  for  beefing  up 
inspections  and  tests  of  such  code. 

That’s  great,  no  doubt.  But  it  dodges  a  bigger 
question:  Why  does  the  Pentagon  accept  soft¬ 
ware  from  any  supplier,  foreign  or  domestic,  that 
the  DOD  can’t  adequately  review  and  verify? 

If  software  is  too  complex  for  Pentagon  re¬ 
viewers  to  understand,  why  should  anyone  be¬ 
lieve  that  the  programmers  got  it  right,  much  less 
trust  that  it’s  free  of  malicious  code? 

After  all,  that’s  the  real  problem.  That  mind- 
boggling  complexity  in  multimillion-line  piles 
of  code  doesn’t  just  offer  hiding  places  for  sabo¬ 
teurs.  It  also  hides  unintentional  security  holes, 
as  well  as  other  bugs  that  could  surface  in  unex¬ 
pected  and  —  in  war-fighting  software  —  liter¬ 
ally  fatal  ways. 

And  that’s  not  acceptable.  Some  software 
projects,  by  their  nature,  have  to 
be  huge.  But  they  don’t  have  to  be 
incomprehensible. 

That  problem  was  cracked  30  years 
ago,  and  the  solution  has  been  refined 
ever  since:  Break  projects  down 
into  parts  for  small  teams  to  imple¬ 
ment.  Design  in  the  form  of  testable 
modules.  Keep  breaking  the  modules 
down  to  smaller  modules.  Prototype. 

Get  it  working.  Test.  Integrate.  Refac¬ 
tor.  Repeat  as  you  scale  it  up. 

Yes,  it’s  a  lot  harder  than  that 
makes  it  sound.  And  the  result  is 
still  a  big  pile  of  code  with  plenty  of 
complexity.  But  the  code  is  in  mod¬ 


ules  that  can  be  understood.  It’s  a  big  pile  of  little 
parts  that  can  be  properly  reviewed  and  verified, 
not  just  tested  for  functionality  and  taken  on 
trust  for  quality  and  security. 

If  the  DOD  wants  to  spot  sabotage  in  the  soft¬ 
ware  that  contractors  write  for  it,  that’s  the  kind 
of  code  the  DOD  must  demand. 

Will  it  cost  more?  Yes  —  for  the  greater  effort 
in  development  and  the  time  and  expertise 
required  to  vet  the  code. 

More  than  that,  it  will  require  some  wrenching 
adjustments  to  how  the  DOD  farms  out  software 
development.  Verifiable  software  development 
doesn’t  match  up  well  with  today’s  defense  pro¬ 
curement  practices.  Politicians,  Pentagon  bu¬ 
reaucrats  and  defense  contractors  all  have  a  stake 
in  huge  projects  that  are  too  complex  to  judge,  so 
they’re  impossible  to  kill. 

Changing  that  culture  is  a  lot  to  ask  of  one  task 
force.  It  may  be  impossible.  But  Lucky  and  his 
group  have  to  try. 

The  alternative  is  for  the  DOD  to  keep  con¬ 
tracting  for  ever  more  complex  software  projects 
that  fail  ever  more  frequently  and  face  the  added 
risk  of  sabotage  from  offshore  devel¬ 
opers  —  all  the  while  trusting  that, 
even  though  no  one  at  the  DOD  can 
figure  out  the  code,  the  coders  know 
what  they’re  doing. 

That  kind  of  trust  is  a  fantasy 
—  and  a  recipe  for  disaster. 

The  reality  is  that  the  best  way  — 
the  only  way  —  to  protect  Pentagon 
software  from  offshore  contractors 
injecting  malicious  code  is  to  make 
the  code  understandable,  review- 
able  and  testable. 

There’s  no  other  choice. 

Anything  else  is  sabotage  waiting 
to  happen. » 


FRANK  HAYES,  Computer- 
world's  senior  news  columnist, 
has  covered  IT  for  more  than 
20  years.  Contact  him  at  frank. 
hayes@computerworld.com. 


But  It  Did  Kill  That  Spam 


Spam  is  heavy  at  this  mortgage  company,  so  a  consul¬ 
tant  is  brought  in.  He  reviews  six  months  of  accumu¬ 
lated  spam,  designs  a  filter  and  sets  up  an  antispam 
appliance  that  should  kill  98%  of  the  junk.  Everyone’s 
happy.  Then  it  goes  live.  “On  the  first  day,  there’s  no 
spam,  but  the  company’s  business  has  evaporated," 
says  a  pilot  fish  on  the  scene.  “They  didn’t  receive 
a  single  mortgage  loan  closing  document.  On  the 
second  day,  minimal  spam,  no  orders  and  very,  very 
loud  customer  complaints.”  Turns  out  that  35%  of 
the  spam  samples  were  for  mortgage  companies, 
so  “mortgage”  was  one  of  the  keywords  used  to  filter 
out  spam.  Sighs  fish,  “The  system  was  fixed,  so  they 
now  get  both  their  orders  and  mortgage  spam.” 


No,  Not 
That  UPS 

Insurance  com¬ 
pany’s  data  cen¬ 
ter  is  moving  to 
a  new  building,  and  this 
pilot  fish  is  explaining 
to  a  meeting  of  senior 
execs  that  IT  is  about  to 
relocate  the  UPS  to  the 
new  location,  so  there 
will  be  no  UPS  protec¬ 
tion  until  the  move  to 
the  new  data  center  is 
complete.  Fortunately, 
power  has  been  very 
stable,  so  the  chance  of 
an  outage  is  small.  But 
one  VP  is  still  worried. 
“Wait  a  minute,”  he  says. 
“We  ship  almost  every¬ 
thing  by  UPS.  Won't  this 


and  Saturday 
nights,”  user 
says.  “But  the 
instructions 
say  to  beep 
the  on-call  if  it  doesn’t 
finish  by  4:30.”  What 
time  does  it  usually 
finish?  “Around  6.”  All 
right,  fish  says,  please 
make  a  note  on  the  op 
instructions  not  to  call 
me  tomorrow  unless  it 
doesn’t  finish  by  6. 

Power  Play 

This  sysadmin  pilot  fish 
has  a  decade  of  experi¬ 
ence,  so  he  figures  he 
shouldn’t  have  trouble 
setting  up  a  very  high- 
end  server  for  a  rush 


SHARK 

TANK*. 


affect  our  service?” 


Why  Change 


job.  But  he  can’t  get 
it  to  power  up  -  the 

w.i.j  v..u„yu  switch  just  does  nothing. 

What  Works?  Suspecting  faulty  power, 

Support  pilot  fish  isn’t  he  calls  in  an  electrician. 

“The  electrician  came 
and  verified  power  with 
an  ammeter,”  says  fish. 
“He  then  flipped  the 
switch  on  the  far  side  of 


usually  on  call,  but  this 
time  she  gets  beeped  at 
4:30  Saturday  morning. 
What’s  wrong?  asks 
fish  when  she  returns 


the  call.  “The  overnight 
jobs  didn’t  finish,”  data 
center  operator  says. 
Suddenly,  fish  is  fully 
awake.  Did  something 
happen?  How  much 
extra  time  is  it  taking? 
she  asks.  “Oh,  it  always 
runs  over  on  Friday 


the  power  supply,  and 
the  machine  came  on.  I 
had  been  flipping  the 
system  switch  because 
I  had  no  idea  the  power 
supply  switch  was  there. 
The  electrician  promised 
he  wouldn’t  embellish 
the  story  too  much.” 


4%  DON’T  EMBELLISH  AT  ALL.  Just  send  me  your  true 
tale  of  IT  life  at  sharky@computerworld.com. 

You’ll  get  a  snazzy  Shark  shirt  if  I  use  it.  And  check  out 
Sharky’s  blog,  browse  the  Sharkives  and  sign  up  for  Shark 
Tank  home  delivery  at  computerwoiid.com/sharky. 


Cingular's  New  3G  L  a  p  t  o  p  C  o  n  n  e  ct  Card 


now 


is  global,  broadband,  secure. 


Business  is  not  bound  by  geography.  Wireless 
shouldn't  be  either.  With  Cingular's  LaptopConnect 
card,  you  can  work  at  broadband  speeds  here  and 
abroad.  Do  better  business  with  now. 


>  Cingular  is  the  only  U.S.  wireless  provider  to  offer 
a  3G  global  solution  from  a  single  laptop  card. 

>  No  one  has  a  faster  wireless  broadband  network 
than  Cingular. 

>  Largest  national  high-speed  wireless  data  network 
with  mobile  broadband  speeds  in  over  130  major 
U.S.  markets  and  growing. 

>  More  secure  than  Wi-Fi  and  with  a  wider  coverage 
area  -  no  hotspots  required. 


Get  Cingular's  Global  3G 
LaptopConnect  card  for  only 


$4999 


after  $100  mail-in  rebate  debit  card 
with  2-year  service  agreement  on 
Unlimited  Data  Connect  plan. 


Call  1-866-4CWS-B2B  Clickwww.cingular.com/broadbandconnect  Visit  your  nearest  Cingular  store 


Xcingular 

raising  the  bari.iill 


B 

m 


Limited-time  offer.  Other  conditions  and  restrictions  apply.  See  contract  and  rate  plan  brochure  for  details.  Subscriber  must  live  and  have  a  mailing  address  within  Cingular’s  owned  network  coverage  area.  Up  to  $30  activation  fee  applies.  Equipment  price  and  availability  may  vary  by  market  and  may  no! 
be  available  from  independent  retailers.  Early  Termination  Fee:  None  if  cancelled  in  the  first  30  days;  thereafter  $175.  Some  agents  impose  additional  fees.  Rebate  Debit  Card:  LaptopConnect  card  price  before  mail-in  rebate  debit  card  with  Unlimited  Data  Connect  plan  purchase  is  $149.99.  Allow  10  1 2 
weeks  for  rebate  debit  card.  Rebate  debit  card  not  available  at  all  locations.  Must  be  customer  for  30  consecutive  days.  Must  be  postmarked  by  12/30/06.  Sales  tax  calculated  based  on  price  of  unactivated  equipment.  ©2006  Cingular  Wireless.  All  rights  reserved. 


Oracle 

Fusion  Middleware 


Hot-Pluggable.  Comprehensive. 

J2EE  —  Enterprise  Portal  —  Identity  Management — Integration  —  Data  Hub  —  Business  Intelligence 


oracle.com 

or  call  1.800.0RACLE.1 


Source:  Gartner  "Market  Share:  Application  Integration,  Middleware  and  Portal  Software," 
Worldwide,  2005.  Based  on  2005  license  revenue  worldwide. 
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